Critical severity9.1NVD Advisory· Published Jun 16, 2025· Updated Apr 15, 2026
CVE-2025-40916
CVE-2025-40916
Description
Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha.
That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
4- metacpan.org/pod/perlfuncnvd
- metacpan.org/release/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.04/diff/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.05/lib/Mojolicious/Plugin/CaptchaPNG.pmnvd
- metacpan.org/release/GRYPHON/Mojolicious-Plugin-CaptchaPNG-1.06/changesnvd
- security.metacpan.org/docs/guides/random-data-for-security.htmlnvd
News mentions
0No linked articles in our index yet.