CVE-2025-40924 – Catalyst::Plugin::Session Insecure Session ID Generation

July 17, 2025

CVE ID : CVE-2025-40924

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely.

The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.

Predicable session ids could allow an attacker to gain access to systems.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-51630 – TOTOLINK N350RT Buffer Overflow Vulnerability

Next Article CVE-2025-1713 – Intel PCI Interrupt Remapping Deadlock Vulnerability

Report: 71% of tech leaders won’t hire devs without AI skills

Slack’s AI search now works across an organization’s entire knowledge base

In-House vs Outsourcing for React.js Development: Understand What Is Best for Your Enterprise

Tiny Screens, Big Impact: The Forgotten Art Of Developing Web Apps For Feature Phones

Elon Musk says we’re in the “intelligence big bang” — after warning that a power crunch could kill the AI revolution this year

OpenAI introduces “ChatGPT agent” as the ultimate jack of all AI trades — with its own computer to check out your to-do list

This Android wearable lasts for days, and left my Samsung Galaxy Watch in the dust

This physical Clicks keyboard is the Pixel 9 upgrade I didn’t know I needed

The details of TC39’s last meeting

The details of TC39’s last meeting

Reclaim Space: Delete Docker Orphan Layers

Notes Android App Using SQLite

Elon Musk says we’re in the “intelligence big bang” — after warning that a power crunch could kill the AI revolution this year

Elon Musk says we’re in the “intelligence big bang” — after warning that a power crunch could kill the AI revolution this year

How to Fix Unable to Login to Facebook on PC (Step-by-Step)

OpenAI introduces “ChatGPT agent” as the ultimate jack of all AI trades — with its own computer to check out your to-do list

CVE-2025-40924 – Catalyst::Plugin::Session Insecure Session ID Generation

Critical mcp-remote Vulnerability Enables Remote Code Execution, Impacting 437,000+ Downloads

UNC6148 Backdoors Fully-Patched SonicWall SMA 100 Series Devices with OVERSTEP Rootkit

OpenAI upgrades ChatGPT with Codex – and I’m seriously impressed (so far)

CVE-2025-3482 – MedDream PACS Server DICOM File Parsing Remote Code Execution Vulnerability

Turn Data Chaos into AI Clarity with Data Quality Management

DarkWatchman, Sheriff Malware Hit Russia and Ukraine with Stealth and Nation-Grade Tactics

Best antivirus for Mac in 2025: I tested your top software options

Plotly brings vibe coding to visual data app development

CVE-2025-32977 – Quest KACE Unauthenticated Backup Upload

Avast Antivirus Vulnerability Let Attackers Escalate Privileges

CVE-2025-40924 – Catalyst::Plugin::Session Insecure Session ID Generation

Related Posts