ByteOS Network

NVD Vulnerability Details :

CVE-2025-40934

Analyzed

Source-9b29abf9-4ab0-4765-b253-1875cd9b441e

Published At-26 Nov, 2025 | 23:15

Updated At-30 Dec, 2025 | 15:21

XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should return an error message. The affected versions return true when attempting to validate an XML file that contains no signatures.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	9.3	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N

Type: Secondary

Version: 3.1

Base score: 9.3

Base severity: CRITICAL

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N

CPE Matches

xml\>>\>>sig_project

cpe:2.3:a:xml\:\:sig_project:xml\:\:sig:*:*:*:*:*:perl:*:*

Weaknesses

CWE ID	Type	Source
CWE-347	Secondary	9b29abf9-4ab0-4765-b253-1875cd9b441e

CWE ID: CWE-347

Type: Secondary

Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e

References

Hyperlink	Source	Resource
https://github.com/perl-net-saml2/perl-XML-Sig/issues/63	9b29abf9-4ab0-4765-b253-1875cd9b441e	Issue Tracking Patch
https://github.com/perl-net-saml2/perl-XML-Sig/pull/64	9b29abf9-4ab0-4765-b253-1875cd9b441e	Issue Tracking

Hyperlink: https://github.com/perl-net-saml2/perl-XML-Sig/issues/63

Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e

Resource:

Issue Tracking

Patch

Hyperlink: https://github.com/perl-net-saml2/perl-XML-Sig/pull/64

Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e

Resource:

Issue Tracking

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History