CVE-2025-40915

CVE-2025-40915: Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens

Vendor: Gryphon
Product: Mojolicious::Plugin::CSRF
Weakness: CWE-338
Published: June 11, 2025
Last update: June 11, 2025

What the vulnerability does

01 Description

Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens. That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.
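The token construction described above, set beside a hardened replacement, as an added example (not the module's source code). The concatenation order in weak_token, both function names, and the use of /dev/urandom on a Unix-like system are assumptions.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);

# Weak pattern, as the description states it: an MD5 over the process id,
# the current time and a single rand() call. The order and formatting of
# the three inputs are assumptions made for illustration.
# MD5 always returns 128 bits, but the token is only as unpredictable as
# its inputs: the pid and the clock are guessable, and perldoc documents
# rand() as not cryptographically secure.
sub weak_token {
    return md5_hex($$ . time() . rand());
}

# Hardened form: 16 bytes (128 bits) taken from the kernel CSPRNG and
# hex-encoded, so the token format (32 hex characters) is unchanged.
# Assumes a Unix-like system that provides /dev/urandom.
sub strong_token {
    my $nbytes = shift // 16;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $nbytes) {
        # Append at the current end of $buf until $nbytes are collected.
        my $got = read($fh, $buf, $nbytes - length($buf), length($buf));
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom" if $got == 0;
    }
    close($fh);
    return unpack('H*', $buf);
}

printf "weak   (pattern from the description): %s\n", weak_token();
printf "strong (kernel CSPRNG)               : %s\n", strong_token();
```

Both functions return 32 hex characters, so the two tokens cannot be told apart by looking at them; the difference lies entirely in where the input entropy comes from.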

Key dates

02 Disclosure timeline

June 11, 2025: CVE published
June 11, 2025: Record updated