CVE-2025-40916

CVE-2025-40916: Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha text

Vendor: Gryphon
Product: Mojolicious::Plugin::CaptchaPNG
Weakness: CWE-338
Published: June 16, 2025
Last update: June 16, 2025

What the vulnerability does

01 Description

Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.
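The difference between the two random sources, as an added example that is not the plugin's own code: captcha text drawn with the built-in rand() beside a version that reads the kernel CSPRNG. The alphabet and the function names are assumptions made for illustration, and the hardened form assumes a Unix-like system that provides /dev/urandom.

```perl
use strict;
use warnings;

# Constructed alphabet for illustration; not taken from the plugin.
my @ALPHABET = ('A' .. 'Z', '2' .. '9');

# Weak pattern named in the advisory: the built-in rand() is a
# non-cryptographic PRNG, so its output is not suitable for a secret
# that an automated client must be unable to guess.
sub captcha_text_weak {
    my ($len) = @_;
    return join '', map { $ALPHABET[ int rand @ALPHABET ] } 1 .. $len;
}

# Hardened form: draw bytes from the kernel CSPRNG and use rejection
# sampling so that every symbol is equally likely (no modulo bias).
sub captcha_text_strong {
    my ($len) = @_;
    my $n     = scalar @ALPHABET;
    my $limit = 256 - (256 % $n);    # largest multiple of $n that fits in one byte

    open my $fh, '<:raw', '/dev/urandom'
        or die "cannot open /dev/urandom: $!";

    my $text = '';
    while (length($text) < $len) {
        my $got = read $fh, my $byte, 1;
        die "short read from /dev/urandom" unless $got;
        my $v = ord $byte;
        next if $v >= $limit;        # reject values that would skew the distribution
        $text .= $ALPHABET[ $v % $n ];
    }
    close $fh;
    return $text;
}

print "weak:   ", captcha_text_weak(6),   "\n";
print "strong: ", captcha_text_strong(6), "\n";
```

The same consideration applies to the image noise the description mentions: any randomness that affects how hard the captcha is to solve should come from the stronger source.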

Key dates

02 Disclosure timeline

June 16, 2025 CVE published
June 16, 2025 Record updated