ByteOS Network

NVD Vulnerability Details :

CVE-2025-40932

Analyzed

Source-9b29abf9-4ab0-4765-b253-1875cd9b441e

Published At-27 Feb, 2026 | 00:16

Updated At-03 Mar, 2026 | 19:36

Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() function, the epoch time, and the PID. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Predicable session ids could allow an attacker to gain access to systems.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	8.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Type: Secondary

Version: 3.1

Base score: 8.2

Base severity: HIGH

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CPE Matches

grichter>>apache\>>\

cpe:2.3:a:grichter:apache\:\:sessionx:*:*:*:*:*:perl:*:*

Weaknesses

CWE ID	Type	Source
CWE-338	Secondary	9b29abf9-4ab0-4765-b253-1875cd9b441e
CWE-340	Secondary	9b29abf9-4ab0-4765-b253-1875cd9b441e

CWE ID: CWE-338

Type: Secondary

Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e

CWE ID: CWE-340

Type: Secondary

Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e

References

Hyperlink	Source	Resource
https://metacpan.org/release/GRICHTER/Apache-SessionX-2.01/source/SessionX/Generate/MD5.pm#L29	9b29abf9-4ab0-4765-b253-1875cd9b441e	Issue Tracking

Hyperlink: https://metacpan.org/release/GRICHTER/Apache-SessionX-2.01/source/SessionX/Generate/MD5.pm#L29

Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e

Resource:

Issue Tracking

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History