Skip to main content

Amon2 CVE-2025-15604

| EUVDEUVD-2025-209114 CRITICAL
Generation of Predictable Numbers or Identifiers (CWE-340)
2026-03-28 CPANSec GHSA-7r2j-hgh9-jqqx
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

6
Analysis Updated
Apr 16, 2026 - 05:47 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
6.17
EUVD ID Assigned
Mar 28, 2026 - 19:00 euvd
EUVD-2025-209114
Analysis Generated
Mar 28, 2026 - 19:00 vuln.today
CVE Published
Mar 28, 2026 - 18:43 nvd
CRITICAL 9.8

DescriptionCVE.org

Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions.

In versions 6.06 through 6.16, the random_string function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 hash seeded with the built-in rand() function, the PID, and the high resolution epoch time. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage.

Before version 6.06, there was no fallback when /dev/urandom was not available.

Before version 6.04, the random_string function used the built-in rand() function to generate a mixed-case alphanumeric string.

This function may be used for generating session ids, generating secrets for signing or encrypting cookie session data and generating tokens used for Cross Site Request Forgery (CSRF) protection.

AnalysisAI

Amon2 for Perl versions before 6.17 use cryptographically weak random number generation for security-critical functions including session IDs, cookie signing secrets, and CSRF tokens. Versions 6.06-6.16 fall back to SHA-1 hashes seeded with predictable inputs (process ID from a small set, guessable epoch time, and the unsuitable built-in rand() function) when /dev/urandom is unavailable; versions before 6.06 relied entirely on built-in rand(). No CVSS vector or EPSS data is available, and no public exploit code or active exploitation has been confirmed, but the weakness directly undermines session security and CSRF protection in affected applications.

Technical ContextAI

Amon2 is a Perl web application framework (CPE: cpe:2.3:a:tokuhirom:amon2:*:*:*:*:*:*:*:*) that implements the random_string function to generate cryptographic material for web session management and token generation. The vulnerability falls under CWE-340 (Generation of Predictable Numbers or Identifiers from a Seed). In versions 6.06-6.16, the function attempts to read from /dev/urandom but falls back to concatenating a SHA-1 hash derived from three inputs: Perl's built-in rand() function (which is a pseudorandom number generator unsuitable for cryptographic use), the process identifier (constrained to a small numeric range), and high-resolution epoch time (often visible in HTTP Date headers or otherwise guessable within a narrow window). Versions before 6.06 had no fallback mechanism; versions before 6.04 used only the built-in rand() function directly. The random_string output is used for session ID generation, deriving secrets for cookie encryption/signing, and generating CSRF protection tokens-all security-critical functions where predictability directly compromises application security.

RemediationAI

Upgrade Amon2 to version 6.17 or later, which replaces the weak random_string implementation with cryptographically secure random number generation. The fix is documented in the diff at https://metacpan.org/release/TOKUHIROM/Amon2-6.17/diff/TOKUHIROM/Amon2-6.16#lib/Amon2/Util.pm and was implemented via pull request https://github.com/tokuhirom/Amon/pull/135. No workaround is available for versions prior to 6.17; patching is the only remediation. Administrators should audit applications using affected Amon2 versions to identify all session IDs, CSRF tokens, and cookie signing secrets generated during the vulnerable period and consider invalidating them or implementing additional integrity checks. For guidance on secure random data generation in Perl, refer to https://security.metacpan.org/docs/guides/random-data-for-security.html.

Share

CVE-2025-15604 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy