Common Weakness Enumeration

CWE-340

Allowed-with-Review

Generation of Predictable Numbers or Identifiers

Abstraction: Class · Status: Incomplete

The product uses a scheme that generates numbers or identifiers that are more predictable than required.

69 vulnerabilities reference this CWE, most recent first.

CVE-2026-2439 (GCVE-0-2026-2439)

Vulnerability from cvelistv5 – Published: 2026-02-16 21:25 – Updated: 2026-02-17 14:45
VLAI
Title
Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids
Summary
Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl's built-in rand function. Neither of these methods are secure, and attackers are able to guess session_ids that can grant them access to systems. Specifically, * There is no warning when uuidgen fails. The software can be quietly using the fallback rand() function with no warnings if the command fails for any reason. * The uuidgen command will generate a time-based UUID if the system does not have a high-quality random number source, because the call does not explicitly specify the --random option. Note that the system time is shared in HTTP responses. * UUIDs are identifiers whose mere possession grants access, as per RFC 9562. * The output of the built-in rand() function is predictable and unsuitable for security applications.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-340 - Generation of Predictable Numbers or Identifiers
  • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Assigner
Impacted products
Vendor Product Version
BVA Concierge::Sessions Affected: 0.8.1 , < 0.8.5 (custom)
Create a notification for this product.
Credits
Robert Rothenberg
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-2439",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-17T14:44:27.594037Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-17T14:45:00.408Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://cpan.org/modules",
          "defaultStatus": "unaffected",
          "packageName": "Concierge-Sessions",
          "product": "Concierge::Sessions",
          "programFiles": [
            "lib/Concierge/Sessions/Base.pm"
          ],
          "repo": "https://github.com/bwva/Concierge-Sessions",
          "vendor": "BVA",
          "versions": [
            {
              "lessThan": "0.8.5",
              "status": "affected",
              "version": "0.8.1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Robert Rothenberg"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids. The generate_session_id function in Concierge::Sessions::Base defaults to using the uuidgen command to generate a UUID, with a fallback to using Perl\u0027s built-in rand function. Neither of these methods are secure, and attackers are able to guess session_ids that can grant them access to systems. Specifically,\n\n  *  There is no warning when uuidgen fails. The software can be quietly using the fallback rand() function with no warnings if the command fails for any reason.\n  *  The uuidgen command will generate a time-based UUID if the system does not have a high-quality random number source, because the call does not explicitly specify the --random option. Note that the system time is shared in HTTP responses.\n  *  UUIDs are identifiers whose mere possession grants access, as per RFC 9562.\n  *  The output of the built-in rand() function is predictable and unsuitable for security applications."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-340",
              "description": "CWE-340 Generation of Predictable Numbers or Identifiers",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-338",
              "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-16T21:25:21.091Z",
        "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "shortName": "CPANSec"
      },
      "references": [
        {
          "tags": [
            "related"
          ],
          "url": "https://metacpan.org/release/BVA/Concierge-Sessions-v0.8.4/diff/BVA/Concierge-Sessions-v0.8.5#lib/Concierge/Sessions/Base.pm"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://www.rfc-editor.org/rfc/rfc9562.html#name-security-considerations"
        },
        {
          "tags": [
            "related"
          ],
          "url": "https://perldoc.perl.org/5.42.0/functions/rand"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/bwva/Concierge-Sessions/commit/20bb28e92e8fba307c4ff8264701c215be65e73b"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to Concierge::Sessions v0.8.5 or later."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Concierge::Sessions versions from 0.8.1 before 0.8.5 for Perl generate insecure session ids",
      "x_generator": {
        "engine": "cpansec-cna-tool 0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    "assignerShortName": "CPANSec",
    "cveId": "CVE-2026-2439",
    "datePublished": "2026-02-16T21:25:21.091Z",
    "dateReserved": "2026-02-12T23:47:52.767Z",
    "dateUpdated": "2026-02-17T14:45:00.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-69286 (GCVE-0-2025-69286)

Vulnerability from cvelistv5 – Published: 2025-12-31 21:52 – Updated: 2026-01-02 14:35
VLAI
Title
RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability
Summary
RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows these tokens to be mutually derivable. Specifically, both tokens are generated using the same `URLSafeTimedSerializer` with predictable inputs, enabling an unauthorized user who obtains the shared assistant/agent URL to derive the personal API key. This grants them full control over the assistant/agent owner's account. Version 0.22.0 fixes the issue.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-340 - Generation of Predictable Numbers or Identifiers
Assigner
Impacted products
Vendor Product Version
infiniflow ragflow Affected: < 0.22.0
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-69286",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-02T14:16:35.778286Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-02T14:35:31.041Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-9j5g-g4xm-57w7"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "ragflow",
          "vendor": "infiniflow",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 0.22.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "RAGFlow is an open-source RAG (Retrieval-Augmented Generation) engine. In versions prior to 0.22.0, the use of an insecure key generation algorithm in the API key and beta (assistant/agent share auth) token generation process allows these tokens to be mutually derivable. Specifically, both tokens are generated using the same `URLSafeTimedSerializer` with predictable inputs, enabling an unauthorized user who obtains the shared assistant/agent URL to derive the personal API key. This grants them full control over the assistant/agent owner\u0027s account. Version 0.22.0 fixes the issue."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.9,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-340",
              "description": "CWE-340: Generation of Predictable Numbers or Identifiers",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-31T21:52:54.304Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-9j5g-g4xm-57w7",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/infiniflow/ragflow/security/advisories/GHSA-9j5g-g4xm-57w7"
        },
        {
          "name": "https://github.com/infiniflow/ragflow/commit/a3bb4aadcc3494fb27f2a9933b4c46df8eb532e6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/infiniflow/ragflow/commit/a3bb4aadcc3494fb27f2a9933b4c46df8eb532e6"
        },
        {
          "name": "https://github.com/infiniflow/ragflow/blob/v0.20.5/api/apps/system_app.py#L214-L215",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/infiniflow/ragflow/blob/v0.20.5/api/apps/system_app.py#L214-L215"
        },
        {
          "name": "https://github.com/infiniflow/ragflow/blob/v0.20.5/api/utils/__init__.py#L343",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/infiniflow/ragflow/blob/v0.20.5/api/utils/__init__.py#L343"
        },
        {
          "name": "https://github.com/infiniflow/ragflow/blob/v0.20.5/api/utils/api_utils.py#L378",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/infiniflow/ragflow/blob/v0.20.5/api/utils/api_utils.py#L378"
        }
      ],
      "source": {
        "advisory": "GHSA-9j5g-g4xm-57w7",
        "discovery": "UNKNOWN"
      },
      "title": "RAGFlow has Predictable Token Generation Leading to Authentication Bypass Vulnerability"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-69286",
    "datePublished": "2025-12-31T21:52:54.304Z",
    "dateReserved": "2025-12-31T16:36:25.943Z",
    "dateUpdated": "2026-01-02T14:35:31.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-68701 (GCVE-0-2025-68701)

Vulnerability from cvelistv5 – Published: 2026-01-13 19:21 – Updated: 2026-01-13 19:55
VLAI
Title
Jervis has Deterministic AES IV Derivation from Passphrase
Summary
Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-327 - Use of a Broken or Risky Cryptographic Algorithm
  • CWE-340 - Generation of Predictable Numbers or Identifiers
Assigner
References
Impacted products
Vendor Product Version
samrocketman jervis Affected: < 2.2
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-68701",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-01-13T19:55:52.171609Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-01-13T19:55:56.668Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jervis",
          "vendor": "samrocketman",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 2.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Jervis is a library for Job DSL plugin scripts and shared Jenkins pipeline libraries. Prior to 2.2, Jervis uses deterministic AES IV derivation from a passphrase. This vulnerability is fixed in 2.2."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-327",
              "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-340",
              "description": "CWE-340: Generation of Predictable Numbers or Identifiers",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-01-13T19:21:30.074Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/samrocketman/jervis/security/advisories/GHSA-crxp-chh4-9ghp",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/samrocketman/jervis/security/advisories/GHSA-crxp-chh4-9ghp"
        },
        {
          "name": "https://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/samrocketman/jervis/commit/c3981ff71de7b0f767dfe7b37a2372cb2a51974a"
        }
      ],
      "source": {
        "advisory": "GHSA-crxp-chh4-9ghp",
        "discovery": "UNKNOWN"
      },
      "title": "Jervis has Deterministic AES IV Derivation from Passphrase"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-68701",
    "datePublished": "2026-01-13T19:21:30.074Z",
    "dateReserved": "2025-12-23T22:32:51.732Z",
    "dateUpdated": "2026-01-13T19:55:56.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-62294 (GCVE-0-2025-62294)

Vulnerability from cvelistv5 – Published: 2025-11-20 15:43 – Updated: 2025-11-20 18:59
VLAI
Title
Predictable Generation of Password Recovery Token
Summary
SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recovery tokens, a malicious attacker is able to brute-force all possible values and takeover any account in reasonable amount of time. This issue was fixed in version 1.55.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-340 - Generation of Predictable Numbers or Identifiers
Assigner
References
Impacted products
Vendor Product Version
SOPlanning SOPlanning Affected: 0 , < 1.55 (semver)
Create a notification for this product.
Date Public
2025-11-20 10:55
Credits
Łukasz Jaworski (Pentest Limited)
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62294",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-11-20T18:26:49.099903Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-11-20T18:59:36.982Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "SOPlanning",
          "vendor": "SOPlanning",
          "versions": [
            {
              "lessThan": "1.55",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "\u0141ukasz Jaworski (Pentest Limited)"
        }
      ],
      "datePublic": "2025-11-20T10:55:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recovery tokens, a malicious attacker is able to brute-force all possible values and takeover any account in reasonable amount of time.\u003cbr\u003e\u003cbr\u003eThis issue was fixed in version 1.55.\u003cbr\u003e"
            }
          ],
          "value": "SOPlanning is vulnerable to Predictable Generation of Password Recovery Token. Due to weak mechanism of generating recovery tokens, a malicious attacker is able to brute-force all possible values and takeover any account in reasonable amount of time.\n\nThis issue was fixed in version 1.55."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-340",
              "description": "CWE-340: Generation of Predictable Numbers or Identifiers",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-20T15:51:21.045Z",
        "orgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
        "shortName": "CERT-PL"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://cert.pl/en/posts/2025/11/CVE-2025-62293"
        },
        {
          "tags": [
            "product"
          ],
          "url": "https://www.soplanning.org/en/"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Predictable Generation of Password Recovery Token",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "4bb8329e-dd38-46c1-aafb-9bf32bcb93c6",
    "assignerShortName": "CERT-PL",
    "cveId": "CVE-2025-62294",
    "datePublished": "2025-11-20T15:43:40.993Z",
    "dateReserved": "2025-10-10T06:53:21.425Z",
    "dateUpdated": "2025-11-20T18:59:36.982Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-59452 (GCVE-0-2025-59452)

Vulnerability from cvelistv5 – Published: 2025-10-06 00:00 – Updated: 2025-11-26 15:21
VLAI
Summary
The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device's MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-340 - Generation of Predictable Numbers or Identifiers
Assigner
Impacted products
Vendor Product Version
YoSmart YoLink API Affected: 0 , ≤ 2025-10-02 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59452",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-06T20:16:45.320859Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-06T20:16:55.103Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "YoLink API",
          "vendor": "YoSmart",
          "versions": [
            {
              "lessThanOrEqual": "2025-10-02",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The YoSmart YoLink API through 2025-10-02 uses an endpoint URL that is derived from a device\u0027s MAC address along with an MD5 hash of non-secret information, such as a key that begins with cf50."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-340",
              "description": "CWE-340 Generation of Predictable Numbers or Identifiers",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-11-26T15:21:54.400Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bishopfox.com/blog/advisories"
        },
        {
          "url": "https://shop.yosmart.com/pages/product-support"
        },
        {
          "url": "https://bishopfox.com/blog/how-a-20-smart-device-gave-me-access-to-your-home"
        },
        {
          "url": "https://shop.yosmart.com/pages/sa-2025-001"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-59452",
    "datePublished": "2025-10-06T00:00:00.000Z",
    "dateReserved": "2025-09-16T00:00:00.000Z",
    "dateUpdated": "2025-11-26T15:21:54.400Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-58424 (GCVE-0-2025-58424)

Vulnerability from cvelistv5 – Published: 2025-10-15 13:55 – Updated: 2026-02-26 16:57
VLAI
Title
BIG-IP TMM vulnerability
Summary
On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-340 - Generation of Predictable Numbers or Identifiers
Assigner
f5
References
Impacted products
Vendor Product Version
F5 BIG-IP Unaffected: 17.5.0 , < * (custom)
Affected: 17.1.0 , < 17.1.2.2 (custom)
Affected: 16.1.0 , < 16.1.6 (custom)
Affected: 15.1.0 , < 15.1.10.8 (custom)
Create a notification for this product.
Date Public
2025-10-15 14:00
Credits
F5
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-58424",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-16T03:56:33.215339Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T16:57:44.249Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "All_Modules"
          ],
          "product": "BIG-IP",
          "vendor": "F5",
          "versions": [
            {
              "lessThan": "*",
              "status": "unaffected",
              "version": "17.5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "17.1.2.2",
              "status": "affected",
              "version": "17.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "16.1.6",
              "status": "affected",
              "version": "16.1.0",
              "versionType": "custom"
            },
            {
              "lessThan": "15.1.10.8",
              "status": "affected",
              "version": "15.1.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "F5"
        }
      ],
      "datePublic": "2025-10-15T14:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\n\n\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eOn BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection.\u0026nbsp;\u0026nbsp;\u003c/span\u003eNote: Software versions which have reached End of Technical Support (EoTS) are not evaluated.\n\n\u003c/span\u003e\u003cbr\u003e"
            }
          ],
          "value": "On BIG-IP systems, undisclosed traffic can cause data corruption and unauthorized data modification in protocols which do not have message integrity protection.\u00a0\u00a0Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        },
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "NONE",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-340",
              "description": "CWE-340: Generation of Predictable Numbers or Identifiers",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-03T00:40:56.521Z",
        "orgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
        "shortName": "f5"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://my.f5.com/manage/s/article/K000151297"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "BIG-IP TMM vulnerability",
      "x_generator": {
        "engine": "F5 SIRTBot v1.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9dacffd4-cb11-413f-8451-fbbfd4ddc0ab",
    "assignerShortName": "f5",
    "cveId": "CVE-2025-58424",
    "datePublished": "2025-10-15T13:55:47.303Z",
    "dateReserved": "2025-10-03T23:04:21.100Z",
    "dateUpdated": "2026-02-26T16:57:44.249Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-40933 (GCVE-0-2025-40933)

Vulnerability from cvelistv5 – Published: 2025-09-17 14:25 – Updated: 2025-09-17 17:21
VLAI
Title
Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely
Summary
Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely. Session ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-340 - Generation of Predictable Numbers or Identifiers
  • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator
Assigner
Impacted products
Vendor Product Version
KGOLDOV Apache::AuthAny Affected: 0.19 , ≤ 0.201 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-40933",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-17T17:20:12.025214Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-17T17:21:55.927Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://cpan.org/modules",
          "defaultStatus": "unaffected",
          "packageName": "Apache-AuthAny",
          "product": "Apache::AuthAny",
          "programFiles": [
            "lib/Apache2/AuthAny/Cookie.pm"
          ],
          "vendor": "KGOLDOV",
          "versions": [
            {
              "lessThanOrEqual": "0.201",
              "status": "affected",
              "version": "0.19",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cdiv\u003eApache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely.\u003c/div\u003e\u003cdiv\u003eSession ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\u003c/div\u003e\u003cdiv\u003ePredicable session ids could allow an attacker to gain access to systems.\u003c/div\u003e"
            }
          ],
          "value": "Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely.\n\nSession ids are generated using an MD5 hash of the epoch time and a call to the built-in rand function. The epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nPredicable session ids could allow an attacker to gain access to systems."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-340",
              "description": "CWE-340 Generation of Predictable Numbers or Identifiers",
              "lang": "en",
              "type": "CWE"
            },
            {
              "cweId": "CWE-338",
              "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-17T14:25:10.826Z",
        "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "shortName": "CPANSec"
      },
      "references": [
        {
          "url": "https://metacpan.org/release/KGOLDOV/Apache2-AuthAny-0.201/source/lib/Apache2/AuthAny/Cookie.pm"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    "assignerShortName": "CPANSec",
    "cveId": "CVE-2025-40933",
    "datePublished": "2025-09-17T14:25:10.826Z",
    "dateReserved": "2025-04-16T09:05:34.363Z",
    "dateUpdated": "2025-09-17T17:21:55.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-40932 (GCVE-0-2025-40932)

Vulnerability from cvelistv5 – Published: 2026-02-26 23:33 – Updated: 2026-02-27 18:41
VLAI
Title
Apache::SessionX versions through 2.01 for Perl create insecure session id
Summary
Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.
SSVC
Exploitation: none Automatable: yes Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
  • CWE-340 - Generation of Predictable Numbers or Identifiers
  • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator
Assigner
References
Impacted products
Vendor Product Version
GRICHTER Apache::SessionX Affected: 0 , ≤ 2.01 (custom)
Create a notification for this product.
Credits
Robert Rothenberg
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 8.2,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "LOW",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-40932",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T18:39:16.068005Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-27T18:41:24.407Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://cpan.org/modules",
          "defaultStatus": "unaffected",
          "packageName": "Apache-SessionX",
          "product": "Apache::SessionX",
          "programFiles": [
            "lib/SessionX/Generate/MD5.pm"
          ],
          "vendor": "GRICHTER",
          "versions": [
            {
              "lessThanOrEqual": "2.01",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Robert Rothenberg"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache::SessionX versions through 2.01 for Perl create insecure session id.\n\nApache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-340",
              "description": "CWE-340 Generation of Predictable Numbers or Identifiers",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-338",
              "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-26T23:33:37.083Z",
        "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "shortName": "CPANSec"
      },
      "references": [
        {
          "tags": [
            "related"
          ],
          "url": "https://metacpan.org/release/GRICHTER/Apache-SessionX-2.01/source/SessionX/Generate/MD5.pm#L29"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Consider alternate solutions like https://metacpan.org/pod/Apache::SessionX::Generate::Random"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache::SessionX versions through 2.01 for Perl create insecure session id",
      "x_generator": {
        "engine": "cpansec-cna-tool 0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    "assignerShortName": "CPANSec",
    "cveId": "CVE-2025-40932",
    "datePublished": "2026-02-26T23:33:37.083Z",
    "dateReserved": "2025-04-16T09:05:34.363Z",
    "dateUpdated": "2026-02-27T18:41:24.407Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-40931 (GCVE-0-2025-40931)

Vulnerability from cvelistv5 – Published: 2026-03-05 01:41 – Updated: 2026-04-21 02:42
VLAI
Title
Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id
Summary
Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id. Apache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems. Note that the libapache-session-perl package in some Debian-based Linux distributions may be patched to use Crypt::URandom.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-340 - Generation of Predictable Numbers or Identifiers
  • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator
Assigner
Impacted products
Vendor Product Version
CHORNY Apache::Session::Generate::MD5 Affected: 0 , ≤ 1.94 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-03-05T11:12:52.118Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/03/05/3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-40931",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-05T16:38:07.301789Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-21T02:42:43.047Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://cpan.org/modules",
          "defaultStatus": "unaffected",
          "packageName": "Apache-Session",
          "product": "Apache::Session::Generate::MD5",
          "programFiles": [
            "lib/Session/Generate/MD5.pm"
          ],
          "repo": "https://github.com/chorny/Apache-Session",
          "vendor": "CHORNY",
          "versions": [
            {
              "lessThanOrEqual": "1.94",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id.\n\nApache::Session::Generate::MD5 generates session ids insecurely. The default session id generator returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.\n\nNote that the libapache-session-perl package in some Debian-based Linux distributions may be patched to use Crypt::URandom."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-115",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-115 Authentication Bypass"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-340",
              "description": "CWE-340 Generation of Predictable Numbers or Identifiers",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-338",
              "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-12T17:19:38.170Z",
        "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "shortName": "CPANSec"
      },
      "references": [
        {
          "url": "https://metacpan.org/dist/Apache-Session/source/lib/Apache/Session/Generate/MD5.pm#L27"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/chorny/Apache-Session/issues/4"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://rt.cpan.org/Ticket/Display.html?id=173631"
        },
        {
          "tags": [
            "mailing-list"
          ],
          "url": "https://www.openwall.com/lists/oss-security/2019/06/15/1"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930659"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://salsa.debian.org/perl-team/modules/packages/libapache-session-perl/-/commit/bdabd71c2f91b18526e31a9dc52b4c17b3d246b7#898a4b8b00022df1b8689910b67707f3e738d180"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/work_items/1633"
        },
        {
          "url": "https://metacpan.org/pod/Apache::Session::Generate::Random"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Consider alternate solutions like https://metacpan.org/pod/Apache::Session::Generate::Random"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2017-10-06T00:00:00.000Z",
          "value": "Issue created in the GitHub repository for Apache-Session identifying poor entropy."
        },
        {
          "lang": "en",
          "time": "2019-06-15T00:00:00.000Z",
          "value": "Report posted to the Open Source Security mailing list."
        },
        {
          "lang": "en",
          "time": "2019-06-17T00:00:00.000Z",
          "value": "Debian bug 930659 for libapache-session-perl poor source of entropy for session id generation."
        },
        {
          "lang": "en",
          "time": "2019-06-20T00:00:00.000Z",
          "value": "Patch to use Crypt::URandom created by the Debian Perl Group."
        },
        {
          "lang": "en",
          "time": "2025-09-04T00:00:00.000Z",
          "value": "Issue reported to CPANSec."
        },
        {
          "lang": "en",
          "time": "2026-03-05T00:00:00.000Z",
          "value": "CVE disclosed by CPANSec."
        }
      ],
      "title": "Apache::Session::Generate::MD5 versions through 1.94 for Perl create insecure session id",
      "workarounds": [
        {
          "lang": "en",
          "value": "Apply the patch  from the Debian Perl Group that uses Crypt::URandom."
        }
      ],
      "x_generator": {
        "engine": "cpansec-cna-tool 0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    "assignerShortName": "CPANSec",
    "cveId": "CVE-2025-40931",
    "datePublished": "2026-03-05T01:41:09.588Z",
    "dateReserved": "2025-04-16T09:05:34.363Z",
    "dateUpdated": "2026-04-21T02:42:43.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-40926 (GCVE-0-2025-40926)

Vulnerability from cvelistv5 – Published: 2026-03-05 01:24 – Updated: 2026-04-21 02:42
VLAI
Title
Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely
Summary
Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely. The default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predictable session ids could allow an attacker to gain access to systems. Plack::Middleware::Session::Simple is intended to be compatible with Plack::Middleware::Session, which had a similar security issue CVE-2025-40923.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-340 - Generation of Predictable Numbers or Identifiers
  • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator
Assigner
Impacted products
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-40926",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-05T16:28:14.069463Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-21T02:42:17.296Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://cpan.org/modules",
          "defaultStatus": "unaffected",
          "packageName": "Plack-Middleware-Session-Simple",
          "product": "Plack::Middleware::Session::Simple",
          "programFiles": [
            "lib/Plack/Middleware/Session/Simple.pm"
          ],
          "programRoutines": [
            {
              "name": "Plack::Middleware::Session::Simple::sid_generator"
            }
          ],
          "repo": "https://github.com/kazeburo/Plack-Middleware-Session-Simple",
          "vendor": "KAZEBURO",
          "versions": [
            {
              "lessThan": "0.05",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely.\n\nThe default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nPredictable session ids could allow an attacker to gain access to systems.\n\nPlack::Middleware::Session::Simple is intended to be compatible with Plack::Middleware::Session, which had a similar security issue CVE-2025-40923."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-340",
              "description": "CWE-340 Generation of Predictable Numbers or Identifiers",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-338",
              "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-11T23:25:24.779Z",
        "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "shortName": "CPANSec"
      },
      "references": [
        {
          "url": "https://metacpan.org/release/KAZEBURO/Plack-Middleware-Session-Simple-0.04/source/lib/Plack/Middleware/Session/Simple.pm#L43"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/kazeburo/Plack-Middleware-Session-Simple/pull/4"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/kazeburo/Plack-Middleware-Session-Simple/commit/760bb358b8f53e52cf415888a4ac858fd99bb24e.patch"
        },
        {
          "tags": [
            "vendor-advisory",
            "related",
            "vdb-entry"
          ],
          "url": "https://www.cve.org/CVERecord?id=CVE-2025-40923"
        },
        {
          "tags": [
            "technical-description"
          ],
          "url": "https://security.metacpan.org/docs/guides/random-data-for-security.html"
        },
        {
          "tags": [
            "release-notes"
          ],
          "url": "https://metacpan.org/release/KAZEBURO/Plack-Middleware-Session-Simple-0.05/changes"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Users are advised to upgrade to version 0.05 or later."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely",
      "workarounds": [
        {
          "lang": "en",
          "value": "Users are advised to change the sid_generator attribute of Plack::Middleware::Session::Simple to a function that returns a securely generated session id based on a secure source of entropy from the system.\n\nUsers may consider using Plack::Middleware::Session version 0.35 or later."
        }
      ],
      "x_generator": {
        "engine": "cpansec-cna-tool 0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    "assignerShortName": "CPANSec",
    "cveId": "CVE-2025-40926",
    "datePublished": "2026-03-05T01:24:34.151Z",
    "dateReserved": "2025-04-16T09:05:34.362Z",
    "dateUpdated": "2026-04-21T02:42:17.296Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

No mitigation information available for this CWE.

No CAPEC attack patterns related to this CWE.