CVE-2025-40920 – Apache::Catalyst::Authentication::Credential::HTTP Weak Nonce Generation

August 11, 2025

CVE ID : CVE-2025-40920

Published : Aug. 11, 2025, 9:15 p.m. | 3 hours, 7 minutes ago

Description : Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs.
* Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.
* The nonces should be generated from a strong cryptographic source, as per RFC 7616.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-25235 – Omnissa Secure Email Gateway (SEG) SSRF

Next Article CVE-2025-54878 – NASA CryptoLib Heap Buffer Overflow Vulnerability

GitHub’s CEO Thomas Dohmke steps down, triggering tighter integration of company within Microsoft

bitHuman launches SDK for creating AI avatars

Designing With AI, Not Around It: Practical Advanced Techniques For Product Design Use Cases

Why Companies Are Investing in AI-Powered React.js Development Services in 2025

I found a Google Maps alternative that won’t track you or drain your battery – and it’s free

I tested this new AI podcast tool to see if it can beat NotebookLM – here’s how it did

Microsoft’s new update makes your taskbar a productivity hub – here’s how

Save $50 on the OnePlus Pad 3 plus get a free gift – here’s the deal

Laravel Global Scopes: Automatic Query Filtering

Laravel Global Scopes: Automatic Query Filtering

Building MCP Servers in PHP

Filament v4 is Stable!

I Asked OpenAI’s New Open-Source AI Model to Complete a Children’s School Test — Is It Smarter Than a 10-Year-Old?

I Asked OpenAI’s New Open-Source AI Model to Complete a Children’s School Test — Is It Smarter Than a 10-Year-Old?

Madden NFL 26 Leads This Week’s Xbox Drops—But Don’t Miss These Hidden Gems

ASUS G14 Bulked Up for 2025—Still Sexy, Just a Bit Chonkier

CVE-2025-40920 – Apache::Catalyst::Authentication::Credential::HTTP Weak Nonce Generation

Update WinRAR tools now: RomCom and others exploiting zero-day vulnerability

WinRAR zero-day exploited in espionage attacks against high-value targets

Inroads to personalized AI trip planning

CVE-2025-3849 – YXJ2018 SpringBoot-Vue-OnlineExam Remote Unverified Password Change Vulnerability

CVE-2025-46701 – Apache Tomcat GCI Servlet Case Sensitivity Security Constraint Bypass

mitmproxy – interactive HTTPS proxy

CVE-2024-49842 – Microsoft Hyper-V Memory Corruption Vulnerability

CoreDNS Vulnerability Let Attackers Exhaust Server Memory Via Amplification Attack

CVE-2025-31260 – Apple macOS Sequoia Permission Escalation Vulnerability

CVE-2025-28203 – Victure RX1800 Command Injection Vulnerability

CVE-2025-40920 – Apache::Catalyst::Authentication::Credential::HTTP Weak Nonce Generation

Related Posts