CVE-2025-40924 – Catalyst::Plugin::Session Insecure Session ID Generation

July 17, 2025

CVE ID : CVE-2025-40924

Published : July 17, 2025, 2:15 p.m. | 16 minutes ago

Description : Catalyst::Plugin::Session before version 0.44 for Perl generates session ids insecurely.

The session id is generated from a (usually SHA-1) hash of a simple counter, the epoch time, the built-in rand function, the PID and the current Catalyst context. This information is of low entropy. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.

Predicable session ids could allow an attacker to gain access to systems.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-51630 – TOTOLINK N350RT Buffer Overflow Vulnerability

Next Article CVE-2025-1713 – Intel PCI Interrupt Remapping Deadlock Vulnerability

Highlights

CVE-2025-5168 – Assimp Out-of-Bounds Read Vulnerability

May 26, 2025

CVE ID : CVE-2025-5168

Published : May 26, 2025, 4:15 a.m. | 55 minutes ago

Description : A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been rated as problematic. Affected by this issue is the function MDLImporter::ImportUVCoordinate_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument iIndex leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Microsoft Graph CLI to be retired

The state of DevOps and AI: Not just hype

A Breeze Of Inspiration In September (2025 Wallpapers Edition)

10 Top Generative AI Development Companies for Enterprise Node.js Projects

I asked AI to modify mission-critical code, and what happened next haunts me

Why you should delete your browser extensions right now – or do this to stay safe

Dolby Vision 2 comes with big upgrades – here’s which TVs get them first

This one small feature makes this travel charger my favorite for business trips

Laracon AU 2025 Talk Titles Revealed

Laracon AU 2025 Talk Titles Revealed

Handle ownership relationships between Eloquent models with Laravel Ownable

Stop Writing Bad Controllers: Laravel Custom Collections Transform Your Code

Lenovo Legion Go 2 confirmed with Ryzen Z2 Extreme, 1200p OLED 144Hz display & 74Wh battery

Lenovo Legion Go 2 confirmed with Ryzen Z2 Extreme, 1200p OLED 144Hz display & 74Wh battery

How to Open Ports in Firewall on Windows Server

Google TV Remote Not Working? 5 Quick Fixes

CVE-2025-40924 – Catalyst::Plugin::Session Insecure Session ID Generation

Malicious npm Package nodejs-smtp Mimics Nodemailer, Targets Atomic and Exodus Wallets

Silver Fox Exploits Microsoft-Signed WatchDog Driver to Deploy ValleyRAT Malware

CVE-2025-2633 – NI LabVIEW Out-of-Bounds Read Arbitrary Code Execution

(CVE-2025-33053) New 0-Day in WebDAV Exposes Servers to Remote Code Execution — Here’s What You…

Google AI Introduces the Test-Time Diffusion Deep Researcher (TTD-DR): A Human-Inspired Diffusion Framework for Advanced Deep Research Agents

“PS5 makes the most sense at the moment.” Ori dev suggests ‘No Rest for the Wicked’ will skip Xbox (for launch) due to “market conditions.”

CVE-2025-5168 – Assimp Out-of-Bounds Read Vulnerability

CVE-2025-27151 – Redis Stack-Based Buffer Overflow Vulnerability

Tunnel Run game in 170 lines of pure JS

The Elder Scrolls Online Direct April 2025 reveals Subclasses, the Worm Cult, and more

CVE-2025-40924 – Catalyst::Plugin::Session Insecure Session ID Generation

Related Posts