CVE-2025-15578

CVE-2025-15578: Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely

Vendor Teejay
Product Maypole
Weakness CWE-338
Published February 16, 2026
Last update February 17, 2026

CVSS base score

What the vulnerability does

01Description

Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID.

Key dates

02Disclosure timeline

February 16, 2026 CVE published
February 17, 2026 Record updated