Thread Index - September 2025 - CPANSec CVE announcements

CVE-2025-40928: JSON::XS before version 4.04 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact Stig Palmquist (08 Sep 2025 15:15 UTC)
CVE-2025-40929: Cpanel::JSON::XS before version 4.40 for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact Stig Palmquist (08 Sep 2025 15:15 UTC)
CVE-2025-40930: JSON::SIMD before version 1.07 and earlier for Perl has an integer buffer overflow causing a segfault when parsing crafted JSON, enabling denial-of-service attacks or other unspecified impact Stig Palmquist (08 Sep 2025 15:15 UTC)
CVE-2025-40933: Apache::AuthAny::Cookie v0.201 or earlier for Perl generates session ids insecurely Robert Rothenberg (17 Sep 2025 14:42 UTC)
CVE-2025-40925: Starch versions 0.14 and earlier generate session ids insecurely Timothy Legge (20 Sep 2025 12:40 UTC)
CVE-2024-58040: Crypt::RandomEncryption for Perl uses insecure rand() function during encryption Timothy Legge (30 Sep 2025 00:08 UTC)