Weak Token Generation in Mojolicious Plugin for Perl
CVE-2025-40915
What is CVE-2025-40915?
Mojolicious::Plugin::CSRF version 1.03 for Perl uses a weak random number generator to create Cross-Site Request Forgery (CSRF) tokens. Tokens are built from a combination of the process ID, the current time, and the built-in rand() function, which makes them predictable. Predictable tokens could allow attackers to carry out CSRF attacks against web applications that use this plugin, compromising their integrity and security. Users should upgrade to the latest version to mitigate this vulnerability.
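
The example below is added here and is not the plugin's source code: it sketches the weak pattern the description names beside a replacement that draws the token from the operating system's CSPRNG. The function names, the SHA-256 wrapper in the weak version, and the /dev/urandom path (Unix-like systems) are assumptions.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Weak pattern (illustrative sketch of what the description names, not the
# plugin's code): the PID is a small bounded number, the time is known to
# anyone who sees the response, and rand() is not cryptographically secure.
# Hashing the inputs (an assumption here) adds no entropy.
sub weak_token {
    return sha256_hex(join(':', $$, time, rand()));
}

# Hardened form: 32 bytes read directly from the kernel CSPRNG, hex-encoded.
sub strong_token {
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $n = read($fh, my $buf, 32);
    close($fh);
    die "short read from /dev/urandom" unless defined $n && $n == 32;
    return unpack('H*', $buf);
}

# Compare a submitted token with the stored one without returning early
# at the first differing byte.
sub tokens_equal {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

my $token = strong_token();
printf "strong token: %s (%d hex chars)\n", $token, length($token);
print "matching token accepted\n" if tokens_equal($token, $token);
print "different token rejected\n" unless tokens_equal($token, strong_token());
```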

Affected Version(s)
Mojolicious::Plugin::CSRF 1.03
