{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-07-01T15:03:18.493","vulnerabilities":[{"cve":{"id":"CVE-2025-40915","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2025-06-11T17:15:42.793","lastModified":"2026-06-17T09:22:17.237","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.\n\nThat version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function."},{"lang":"es","value":"Mojolicious::Plugin::CSRF 1.03 para Perl utiliza una fuente de números aleatorios débil para generar tokens CSRF. Esta versión del módulo genera tokens como un MD5 del ID del proceso, la hora actual y una única llamada a la función integrada rand()."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"GRYPHON","product":"Mojolicious::Plugin::CSRF","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Mojolicious-Plugin-CSRF","repo":"https://github.com/gryphonshafer/Mojo-Plugin-CSRF","versions":[{"version":"1.03","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":7.0,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":2.2,"impactScore":4.7}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-06-11T17:52:49.542565Z","id":"CVE-2025-40915","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-338"}]}],"references":[{"url":"https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/diff/GRYPHON/Mojolicious-Plugin-CSRF-1.03","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"}]}}]}