CVE-2025-40915 – Mojolicious::Plugin::CSRF Weak Random Number Generation CSRF Vulnerability

June 11, 2025

CVE ID : CVE-2025-40915

Published : June 11, 2025, 5:15 p.m. | 3 hours, 13 minutes ago

Description : Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.

That version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.

Severity: 7.0 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-22874 – DigiCert SSL Verify Certificate Validation Bypass

Next Article CVE-2025-4673 – Apache Web Server HTTP Header Information Disclosure

How To Prevent WordPress SQL Injection Attacks

Java never goes out of style: Celebrating 30 years of the language

OpenAI o3-pro available in the API, BrowserStack adds Playwright support for real iOS devices, and more – Daily News Digest

Creating The “Moving Highlight” Navigation Bar With JavaScript And CSS

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

Minecraft Vibrant Visuals finally has a release date and it’s dropping with the Happy Ghasts

QAQ-QQ-AI-QUEST

QAQ-QQ-AI-QUEST

JS Dark Arts: Abusing prototypes and the Result type

Helpful Git Aliases To Maximize Developer Productivity

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Microsoft Copilot’s own default configuration exposed users to the first-ever “zero-click” AI attack, but there was no data breach

Sam Altman says “OpenAI was forced to do a lot of unnatural things” to meet the Ghibli memes demand surge

5 things we didn’t get from the Xbox Games Showcase, because Xbox obviously hates me personally

CVE-2025-40915 – Mojolicious::Plugin::CSRF Weak Random Number Generation CSRF Vulnerability

Ransomware Gangs Exploit Unpatched SimpleHelp Flaws to Target Victims with Double Extortion

More From Our Main Blog: The Good, the Bad and the Ugly in Cybersecurity – Week 24

FBI: Play ransomware breached 900 victims, including critical orgs

Building Trust with Explainable AI: Why Transparency Is the Future of Intelligent Business🔍

CodeSOD: Buff Reading

“This isn’t good enough”: The Elden Ring Nightreign Digital Foundry tech review is here, and both Xbox and PS5 players will be disappointed by the results

Rilasciato Hyprland 0.49: Permessi avanzati e nuove funzionalità per il compositor Wayland dinamico su GNU/Linux

Introduction to Terraform: Infrastructure as Code Basics

CVE-2025-46736 – Umbraco Account Existence Disclosure

CVE-2025-48133 – Uncanny Owl Uncanny Automator Missing Authorization Vulnerability

CVE-2025-40915 – Mojolicious::Plugin::CSRF Weak Random Number Generation CSRF Vulnerability

Related Posts