Security Advisory

CVE-2025-40920

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-11 20:19:57

Last updated 2026-01-17 20:23:09

Assigner CPANSec

State PUBLISHED

Description

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs. * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562. * The nonces should be generated from a strong cryptographic source, as per RFC 7616.

← Browse all CVEs View on cve.org ↗