Unrated severityNVD Advisory· Published Feb 12, 2026· Updated Feb 17, 2026

WWW::OAuth 1.000 and earlier for Perl uses insecure rand() function for cryptographic functions

CVE-2025-40905

Description

WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Affected products

Dbook/Www::OAuthllm-fuzzy2 versions
<=1.000+ 1 more
- (no CPE)range: <=1.000
- (no CPE)range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

metacpan.org/release/DBOOK/WWW-OAuth-1.000/source/lib/WWW/OAuth.pmmitre
perldoc.perl.org/functions/randmitre
security.metacpan.org/docs/guides/random-data-for-security.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000