{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-16T16:58:47.115","vulnerabilities":[{"cve":{"id":"CVE-2025-40920","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2025-08-11T21:15:28.087","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library.\n  *  Data::UUID does not use a strong cryptographic source for generating UUIDs.\n  *  Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.\n  *  The nonces should be generated from a strong cryptographic source, as per RFC 7616."},{"lang":"es","value":"Las versiones 1.018 y anteriores de Catalyst::Authentication::Credential::HTTP para Perl generan nonces mediante la librería Data::UUID de Perl. * Data::UUID no utiliza una fuente criptográfica robusta para generar UUID. * Data::UUID devuelve UUID v3, que se generan a partir de información conocida y no son adecuados para la seguridad, según RFC 9562. * Los nonces deben generarse a partir de una fuente criptográfica robusta, según RFC 7616."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":4.7}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-338"},{"lang":"en","value":"CWE-340"}]}],"references":[{"url":"https://datatracker.ietf.org/doc/html/rfc7616#section-5.12","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://datatracker.ietf.org/doc/html/rfc9562#name-security-considerations","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/commit/ad2c03aad95406db4ce35dfb670664ebde004c18","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/pull/1","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/release/ETHER/Catalyst-Authentication-Credential-HTTP-1.018/source/lib/Catalyst/Authentication/Credential/HTTP.pm#L391","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://security.metacpan.org/patches/C/Catalyst-Authentication-Credential-HTTP/1.018/CVE-2025-40920-r1.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"http://www.openwall.com/lists/oss-security/2025/08/12/1","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}