Search criteria
1 vulnerability by TEEJAY
CVE-2025-15578 (GCVE-0-2025-15578)
Vulnerability from cvelistv5 – Published: 2026-02-16 21:18 – Updated: 2026-02-17 14:46
VLAI
Title
Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely
Summary
Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID.
Severity
9.8 (Critical)
CWE
- CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://metacpan.org/dist/Maypole/source/lib/Mayp… | related |
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-15578",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:46:16.693155Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:46:39.850Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://cpan.org/modules",
"defaultStatus": "unaffected",
"packageName": "Maypole",
"product": "Maypole",
"programFiles": [
"lib/Maypole/Session.pm"
],
"vendor": "TEEJAY",
"versions": [
{
"lessThanOrEqual": "2.13",
"status": "affected",
"version": "2.10",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Robert Rothenberg"
}
],
"descriptions": [
{
"lang": "en",
"value": "Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-338",
"description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-02-16T21:18:16.085Z",
"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"shortName": "CPANSec"
},
"references": [
{
"tags": [
"related"
],
"url": "https://metacpan.org/dist/Maypole/source/lib/Maypole/Session.pm#L43"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely",
"x_generator": {
"engine": "cpansec-cna-tool 0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
"assignerShortName": "CPANSec",
"cveId": "CVE-2025-15578",
"datePublished": "2026-02-16T21:18:16.085Z",
"dateReserved": "2026-02-12T23:45:23.424Z",
"dateUpdated": "2026-02-17T14:46:39.850Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}