CVE-2025-40920

High

Published: 11 August 2025

Modified: 15 April 2026
KEV Added
Patch
CVSS Score v3.1: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L)
EPSS Score: 0.0056 (68.6th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-40920 is a high-severity PRNG (CWE-338) vulnerability. Its CVSS base score is 8.6 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 31.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 IA-5 (Authenticator Management) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-40920 is a vulnerability in Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier, a Perl module used for HTTP authentication credentials. The issue stems from nonce generation relying on the Data::UUID library, which produces version 3 UUIDs derived from known information without a strong cryptographic randomness source. This approach is unsuitable for security contexts, as noted in RFC 9562, and fails to meet RFC 7616 requirements for cryptographically secure nonces in HTTP authentication.

The vulnerability carries a CVSS v3.1 base score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L), meaning it is exploitable remotely over the network with low attack complexity, no privileges and no user interaction, and with unchanged scope. Attackers can leverage the predictable nonces for high confidentiality impact, such as bypassing authentication mechanisms, alongside low integrity and availability impacts. It maps to CWE-338 (use of a cryptographically weak pseudo-random number generator) and CWE-340 (generation of predictable numbers or identifiers).

Mitigation is addressed in the project's GitHub repository via commit ad2c03aad95406db4ce35dfb670664ebde004c18 and pull request #1, which update the nonce generation process. The vulnerable code is visible in the source at metacpan.org for version 1.018. Additional guidance appears in RFC 7616 section 5.12 and RFC 9562 security considerations, emphasizing strong cryptographic sources for nonces.
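
A defender-side check and a replacement pattern for the issue described above, as an added example that is neither this page's code nor the upstream fix. It reports whether the installed module falls in the affected range (1.018 and earlier) and shows a nonce drawn from the kernel CSPRNG; the helper names `check_installed` and `secure_nonce`, the 32-byte size and the use of `/dev/urandom` are assumptions.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use version;
use Module::Metadata;                 # core; reads $VERSION without loading the module
use MIME::Base64 qw(encode_base64);

# Affected range as stated in this advisory: 1.018 and earlier.
my $LAST_AFFECTED = version->parse('1.018');
my $MODULE        = 'Catalyst::Authentication::Credential::HTTP';

# Report whether the copy of the module found in @INC is in the affected range.
sub check_installed {
    my $meta = Module::Metadata->new_from_module($MODULE)
        or return 'not installed';
    my $v = $meta->version;
    return 'installed, version unknown' unless defined $v;
    return version->parse("$v") <= $LAST_AFFECTED
        ? "AFFECTED ($v)"
        : "outside affected range ($v)";
}

# Nonce drawn from the kernel CSPRNG instead of a UUID generator.
# Assumption: a Unix-like host with /dev/urandom; 32 bytes is an example size.
sub secure_nonce {
    my ($nbytes) = @_;
    $nbytes //= 32;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $buf = '';
    # read() may return fewer bytes than requested, so loop until full.
    while (length($buf) < $nbytes) {
        my $got = read($fh, $buf, $nbytes - length($buf), length($buf));
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom\n"  if $got == 0;
    }
    close($fh);
    return encode_base64($buf, '');   # '' suppresses the trailing newline
}

printf "%s: %s\n", $MODULE, check_installed();
printf "example nonce: %s\n", secure_nonce();
```

Run it with the same `perl` and `@INC` the application uses, otherwise the version check inspects a different install.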

EU & UK References

Vulnerability details

Catalyst::Authentication::Credential::HTTP versions 1.018 and earlier for Perl generate nonces using the Perl Data::UUID library.

* Data::UUID does not use a strong cryptographic source for generating UUIDs.
* Data::UUID returns v3 UUIDs, which are generated from known information and are unsuitable for security, as per RFC 9562.
* The nonces should be generated from a strong cryptographic source, as per RFC 7616.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

Weak nonce generation enables remote authentication bypass in a public-facing web auth module (Catalyst), directly facilitating exploitation of the application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-40926: Shared CWE-338, CWE-340
CVE-2026-2439: Shared CWE-338, CWE-340
CVE-2024-40762: Shared CWE-338
CVE-2025-40932: Shared CWE-338, CWE-340
CVE-2025-66630: Shared CWE-338
CVE-2025-15604: Shared CWE-338, CWE-340
CVE-2026-5085: Shared CWE-338, CWE-340
CVE-2026-3256: Shared CWE-338, CWE-340
CVE-2026-5087: Shared CWE-338
CVE-2026-40496: Shared CWE-340

Affected Assets

HTTP
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Requires authenticator management with sufficient strength of mechanism for security tokens like nonces in HTTP authentication, directly preventing use of weak cryptographic randomness from Data::UUID.

prevent

Mandates identification, reporting, and correction of flaws such as the predictable nonce generation in Catalyst::Authentication::Credential::HTTP version 1.018 and earlier.

prevent

Implements cryptographic protection mechanisms that require strong randomness sources for security-sensitive values like authentication nonces, addressing the RFC 7616 violation.

References