CVE-2025-15578

CRITICAL

9.8

Description

Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published2/16/2026

Last Modified3/10/2026

Sourcenvd

Honeypot Sightings0

Affected Products

teejay:maypole

Weaknesses (CWE)

CWE-338

References

https://metacpan.org/dist/Maypole/source/lib/Maypole/Session.pm#L43(9b29abf9-4ab0-4765-b253-1875cd9b441e)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.