CVE-2025-40920

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://datatracker.ietf.org/doc/html/rfc7616#section-5.12", "name": "https://datatracker.ietf.org/doc/html/rfc7616#section-5.12", "tags": [], "refsource": ""}, {"url": "https://datatracker.ietf.org/doc/html/rfc9562#name-security-considerations", "name": "https://datatracker.ietf.org/doc/html/rfc9562#name-security-considerations", "tags": [], "refsource": ""}, {"url": "https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/commit/ad2c03aad95406db4ce35dfb670664ebde004c18.patch", "name": "https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/commit/ad2c03aad95406db4ce35dfb670664ebde004c18.patch", "tags": [], "refsource": ""}, {"url": "https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/pull/1", "name": "https://github.com/perl-catalyst/Catalyst-Authentication-Credential-HTTP/pull/1", "tags": [], "refsource": ""}, {"url": "https://metacpan.org/release/ETHER/Catalyst-Authentication-Credential-HTTP-1.018/source/lib/Catalyst/Authentication/Credential/HTTP.pm#L391", "name": "https://metacpan.org/release/ETHER/Catalyst-Authentication-Credential-HTTP-1.018/source/lib/Catalyst/Authentication/Credential/HTTP.pm#L391", "tags": [], "refsource": ""}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library. * Data::UUID does not use a strong cryptographic source for generating UUIDs.\n * Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.\n * The nonces should be generated from a strong cryptographic source, as per RFC 7616."}]}, "problemtype": {"problemtype_data": [{"description": []}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2025-40920", "ASSIGNER": "cve-request@security.metacpan.org"}}, "impact": {}, "publishedDate": "2025-08-11T21:15Z", "configurations": {"nodes": [], "CVE_data_version": "4.0"}, "lastModifiedDate": "2025-08-11T21:15Z"}