Weak Token Generation in Mojolicious Plugin for Perl
CVE-2025-40915
7 HIGH
What is CVE-2025-40915?
Mojolicious::Plugin::CSRF version 1.03 for Perl generates its Cross-Site Request Forgery (CSRF) tokens from a weak source of randomness. The token is derived from the process ID, the current time, and Perl's built-in rand() function. None of these inputs is secret: the PID and timestamp can often be estimated or leaked, and rand() is a non-cryptographic PRNG whose output is reproducible once its state is known. An attacker who can narrow down those inputs can predict valid tokens and so defeat the CSRF protection the plugin is supposed to provide. Note that this does not create a CSRF vulnerability by itself; it means that an application relying on this plugin as its only CSRF defence is effectively unprotected. Users should upgrade to the latest version of the plugin, and, when auditing any token generator, confirm that the token is drawn from a cryptographically secure source (the operating system's CSPRNG) rather than composed from guessable process state.
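The following Perl script is an added illustration, not the plugin's own code. It models the weak construction the advisory describes (PID, time, rand()) beside a hardened generator that reads from the OS CSPRNG, and shows how an attacker can recover the weak token by enumerating a small candidate space. One assumption is made explicit: the PRNG is seeded from the same clock value, so that its output is reproducible by the attacker. The advisory does not say how the plugin's rand() was seeded; the seed is modelled this way only to make the predictability concrete. The hash function, token length and PID/time ranges are likewise illustrative choices.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);   # core module since Perl 5.10

# --- Weak construction, modelled on the advisory's description -------------
# Every input is guessable. Assumption for this demo (not from the advisory):
# the PRNG is seeded from the clock, so an attacker who knows the time can
# replay the exact rand() output. Any non-cryptographic PRNG whose state can
# be recovered fails the same way.
sub weak_token {
    my ($pid, $time) = @_;
    srand($time);                             # assumed guessable seed
    return sha256_hex($pid . $time . rand());
}

# --- Attacker side: enumerate candidate (pid, time) pairs ------------------
# Returns [pid, time] that reproduces the observed token, or undef.
sub guess_weak_token {
    my ($observed, $pid_lo, $pid_hi, $t_lo, $t_hi) = @_;
    for my $t ($t_lo .. $t_hi) {
        for my $pid ($pid_lo .. $pid_hi) {
            return [$pid, $t] if weak_token($pid, $t) eq $observed;
        }
    }
    return undef;
}

# --- Hardened construction: bytes straight from the OS CSPRNG --------------
# Core-Perl only; Crypt::URandom from CPAN is a portable alternative.
sub strong_token {
    my $n = shift // 32;                      # 32 bytes = 256 bits of entropy
    open my $fh, '<:raw', '/dev/urandom' or die "cannot open /dev/urandom: $!";
    read($fh, my $bytes, $n) == $n or die "short read from /dev/urandom";
    close $fh;
    return unpack 'H*', $bytes;               # hex-encode for use in a form field
}

# --- Verification must not leak via timing either --------------------------
# Equivalent to Mojo::Util::secure_compare; implemented inline to stay
# self-contained.
sub tokens_match {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0;
}

# --- Demo -----------------------------------------------------------------
# Constructed values: a plausible PID and a fixed timestamp.
my ($victim_pid, $victim_time) = (12345, 1_700_000_000);
my $observed = weak_token($victim_pid, $victim_time);

# The attacker only needs a rough idea of the PID range and a time window.
my $hit = guess_weak_token($observed, 12000, 13000,
                           $victim_time - 30, $victim_time + 30);
if ($hit) {
    printf "weak token recovered: pid=%d time=%d\n", @$hit;
    printf "attacker's forged token matches: %s\n",
        tokens_match(weak_token(@$hit), $observed) ? 'yes' : 'no';
}

# The hardened token cannot be reconstructed from process state at all.
my $strong = strong_token();
printf "strong token: %s (%d hex chars)\n", $strong, length $strong;
```

Running the script shows the attacker recovering the weak token after at most about 61,000 hash computations, which is seconds of work. The practical check when reviewing a CSRF implementation is therefore not whether the token looks random but where its bytes come from: anything built from PID, time, or a general-purpose rand()/srand() pair should be replaced with output from /dev/urandom or an equivalent CSPRNG, and compared with a constant-time function such as Mojo::Util's secure_compare.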
Affected Version(s)
Mojolicious::Plugin::CSRF 1.03