CVE-2025-40905

Severity CVSS v4.0:

Pending analysis

Type:

Unavailable / Other

Publication date:

13/02/2026

Last modified:

13/02/2026

Description

WWW::OAuth 1.000 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Impact

References to Advisories, Solutions, and Tools

https://metacpan.org/release/DBOOK/WWW-OAuth-1.000/source/lib/WWW/OAuth.pm#L86
https://perldoc.perl.org/functions/rand
https://security.metacpan.org/docs/guides/random-data-for-security.html
http://www.openwall.com/lists/oss-security/2026/02/13/1