{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-21T19:10:01.089","vulnerabilities":[{"cve":{"id":"CVE-2025-40926","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2026-03-05T02:16:39.790","lastModified":"2026-06-17T09:22:18.360","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Plack::Middleware::Session::Simple versions before 0.05 for Perl generates session ids insecurely.\n\nThe default session id generator returns a SHA-1 hash seeded with the built-in rand function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.\n\nPredictable session ids could allow an attacker to gain access to systems.\n\nPlack::Middleware::Session::Simple is intended to be compatible with Plack::Middleware::Session, which had a similar security issue CVE-2025-40923."},{"lang":"es","value":"Las versiones de Plack::Middleware::Session::Simple hasta la 0.04 para Perl generan identificadores de sesión de forma insegura.\n\nEl generador predeterminado de identificadores de sesión devuelve un hash SHA-1 inicializado con la función rand incorporada, el tiempo epoch y el PID. El PID provendrá de un pequeño conjunto de números, y el tiempo epoch puede ser adivinado, si no se filtra del encabezado HTTP Date. La función rand incorporada no es adecuada para uso criptográfico.\n\nLos identificadores de sesión predecibles podrían permitir a un atacante obtener acceso a los sistemas.\n\nPlack::Middleware::Session::Simple está diseñado para ser compatible con Plack::Middleware::Session, que tuvo un problema de seguridad similar CVE-2025-40923."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"KAZEBURO","product":"Plack::Middleware::Session::Simple","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Plack-Middleware-Session-Simple","programFiles":["lib/Plack/Middleware/Session/Simple.pm"],"programRoutines":[{"name":"Plack::Middleware::Session::Simple::sid_generator"}],"repo":"https://github.com/kazeburo/Plack-Middleware-Session-Simple","versions":[{"version":"0","lessThan":"0.05","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-03-05T16:28:14.069463Z","id":"CVE-2025-40926","options":[{"exploitation":"none"},{"automatable":"yes"},{"technicalImpact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-338"},{"lang":"en","value":"CWE-340"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:kazeburo:plack\\:\\:middleware\\:\\:session\\:\\:simple:*:*:*:*:*:perl:*:*","versionEndExcluding":"0.05","matchCriteriaId":"B99A5199-295A-487A-95D0-2DDF94AFDE71"}]}]}],"references":[{"url":"https://github.com/kazeburo/Plack-Middleware-Session-Simple/commit/760bb358b8f53e52cf415888a4ac858fd99bb24e.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Patch"]},{"url":"https://github.com/kazeburo/Plack-Middleware-Session-Simple/pull/4","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Issue Tracking","Patch"]},{"url":"https://metacpan.org/release/KAZEBURO/Plack-Middleware-Session-Simple-0.04/source/lib/Plack/Middleware/Session/Simple.pm#L43","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Issue Tracking","Product"]},{"url":"https://metacpan.org/release/KAZEBURO/Plack-Middleware-Session-Simple-0.05/changes","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://security.metacpan.org/docs/guides/random-data-for-security.html","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Third Party Advisory"]},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-40923","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":["Third Party Advisory"]}]}}]}