{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15578", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "state": "PUBLISHED", "assignerShortName": "CPANSec", "dateReserved": "2026-02-12T23:45:23.424Z", "datePublished": "2026-02-16T21:18:16.085Z", "dateUpdated": "2026-02-17T14:46:39.850Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "Maypole", "product": "Maypole", "programFiles": ["lib/Maypole/Session.pm"], "vendor": "TEEJAY", "versions": [{"lessThanOrEqual": "2.13", "status": "affected", "version": "2.10", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Robert Rothenberg"}], "descriptions": [{"lang": "en", "value": "Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID."}], "problemTypes": [{"descriptions": [{"cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2026-02-16T21:18:16.085Z"}, "references": [{"tags": ["related"], "url": "https://metacpan.org/dist/Maypole/source/lib/Maypole/Session.pm#L43"}], "source": {"discovery": "UNKNOWN"}, "title": "Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely", "x_generator": {"engine": "cpansec-cna-tool 0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-02-17T14:46:16.693155Z", "id": "CVE-2025-15578", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T14:46:39.850Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-15578", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-02-17T14:46:16.693155Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-17T14:46:33.943Z"}}], "cna": {"title": "Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Robert Rothenberg"}], "affected": [{"vendor": "TEEJAY", "product": "Maypole", "versions": [{"status": "affected", "version": "2.10", "versionType": "custom", "lessThanOrEqual": "2.13"}], "packageName": "Maypole", "programFiles": ["lib/Maypole/Session.pm"], "collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected"}], "references": [{"url": "https://metacpan.org/dist/Maypole/source/lib/Maypole/Session.pm#L43", "tags": ["related"]}], "x_generator": {"engine": "cpansec-cna-tool 0.1"}, "descriptions": [{"lang": "en", "value": "Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-338", "description": "CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2026-02-16T21:18:16.085Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15578", "state": "PUBLISHED", "dateUpdated": "2026-02-17T14:46:39.850Z", "dateReserved": "2026-02-12T23:45:23.424Z", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "datePublished": "2026-02-16T21:18:16.085Z", "assignerShortName": "CPANSec"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:teejay:maypole:*:*:*:*:*:perl:*:*", "matchCriteriaId": "ED195057-9CB0-44A6-97C0-BD0767582057", "versionEndIncluding": "2.13", "versionStartIncluding": "2.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:teejay:maypole:2.111:*:*:*:*:perl:*:*", "matchCriteriaId": "D7F6B5FF-1CE1-44FC-BBB4-AA2410D05778", "vulnerable": true}, {"criteria": "cpe:2.3:a:teejay:maypole:2.121:*:*:*:*:perl:*:*", "matchCriteriaId": "AF245BCC-BD47-4117-B7AC-D73DF9DE1ABA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID."}, {"lang": "es", "value": "Las versiones de Maypole de la 2.10 a la 2.13 para Perl generan identificadores de sesi\u00f3n de forma insegura. El identificador de sesi\u00f3n se inicializa con la hora del sistema (que est\u00e1 disponible en los encabezados de respuesta HTTP), una llamada a la funci\u00f3n rand() incorporada y el PID."}], "id": "CVE-2025-15578", "lastModified": "2026-03-10T15:07:31.793", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-16T22:22:40.557", "references": [{"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Issue Tracking"], "url": "https://metacpan.org/dist/Maypole/source/lib/Maypole/Session.pm#L43"}], "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-338"}], "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "type": "Secondary"}]}

{}

{"created": "2026-02-17T08:48:59.018000+00:00", "updated": "2026-02-17T08:48:59.018073+00:00", "vendors": ["teejay", "teejay$PRODUCT$maypole"]}