CVE-2025-40916

Summary

Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha.

That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.

Affected Software

VendorProductVersion RangeStatus
GRYPHONMojolicious::Plugin::CaptchaPNG1.05affected

Weaknesses

  • CWE-338: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator
  • CWE-804: CWE-804 Guessable CAPTCHA

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References