CVE-2025-15578

CRITICAL

9.8

Description

Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID.

Details CVE

Score CVSS v3.19.8

SeveriteCRITICAL

Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vecteur d'attaqueNETWORK

ComplexiteLOW

Privileges requisNONE

Interaction utilisateurNONE

Publie2/16/2026

Derniere modification3/10/2026

Sourcenvd

Observations honeypot0

Produits affectes

teejay:maypole

Faiblesses (CWE)

CWE-338

References

https://metacpan.org/dist/Maypole/source/lib/Maypole/Session.pm#L43(9b29abf9-4ab0-4765-b253-1875cd9b441e)

Correlations IOC

Aucune correlation enregistree

This product uses data from the NVD API but is not endorsed or certified by the NVD.