Unrated severity · NVD Advisory · Published Nov 26, 2025 · Updated Nov 28, 2025

XML-Sig prior to 0.68 for Perl improperly validates XML without signatures

CVE-2025-40934

Description

XML-Sig versions 0.27 through 0.67 for Perl incorrectly validate XML files if signatures are omitted.

An attacker can remove the signature from the XML document to make it pass the verification check.

XML-Sig is a Perl module to validate signatures on XML files. Validating an unsigned XML file should return an error message. The affected versions instead return true when asked to validate an XML file that contains no signatures.
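
As an added example (not code from the XML-Sig project or from this advisory), the guard below rejects any document that has no `ds:Signature` element before `verify` is called, so a caller fails closed on stripped XML even when an affected version is installed. `count_signatures` and `verify_signed_xml` are hypothetical helper names, the sample document is constructed, and the `XML::Sig` constructor options are left to the deployment.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use XML::LibXML;
use XML::LibXML::XPathContext;
use XML::Sig;

# Namespace of XML Digital Signature elements.
my $DSIG_NS = 'http://www.w3.org/2000/09/xmldsig#';

# Number of XML-DSig <Signature> elements in the document (dies on bad XML).
sub count_signatures {
    my ($xml) = @_;
    my $doc = XML::LibXML->load_xml(
        string => $xml, no_network => 1, load_ext_dtd => 0, expand_entities => 0,
    );
    my $xpc = XML::LibXML::XPathContext->new($doc);
    $xpc->registerNs(ds => $DSIG_NS);
    my @signatures = $xpc->findnodes('//ds:Signature');
    return scalar @signatures;
}

# Fail closed: returns (1, reason) only when a signature exists AND verifies.
sub verify_signed_xml {
    my ($xml, $verifier) = @_;
    my $count = eval { count_signatures($xml) };
    return (0, 'rejected: XML could not be parsed') unless defined $count;
    return (0, 'rejected: no ds:Signature element') if $count == 0;
    # Only now hand the document to XML::Sig; treat exceptions as failure.
    my $ok = eval { $verifier->verify($xml) };
    return (0, 'rejected: signature did not verify') unless $ok;
    return (1, "accepted: $count signature element(s) verified");
}

unless (caller) {
    # Constructed sample: a document whose signature has been removed.
    my $unsigned = '<order ID="o1"><amount>100</amount></order>';
    my $verifier = XML::Sig->new({});   # deployment-specific options omitted
    my ($ok, $why) = verify_signed_xml($unsigned, $verifier);
    print "$why\n";
    exit($ok ? 0 : 1);
}
```

The guard does not replace upgrading past the affected range; it only ensures that the absence of a signature is never reported as a successful validation.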

Affected products

  • TIMLEGGE/XML::Sigv5
    Range: 0.27
