Maypole
CVE-2025-15578
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS Vector (NVD)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Description (CVE.org)
Maypole versions from 2.10 through 2.13 for Perl generate session IDs insecurely. The session ID is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID.
Analysis (AI)
Perl Maypole 2.10-2.13 generates session IDs insecurely using a weak PRNG, enabling session prediction and hijacking.
Technical Context (AI)
Maypole 2.10-2.13 uses a cryptographically weak PRNG (CWE-338) for session ID generation, making tokens predictable.
Remediation (AI)
Update Maypole or use a secure session management library.