{"vulnerability": "CVE-2025-40915", "sightings": [{"uuid": "52c80ba1-d968-4acb-9345-e148fef88f39", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40915", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3lrekhtwe2t2e", "content": "", "creation_timestamp": "2025-06-11T23:24:01.183257Z"}, {"uuid": "a3d76b3b-b1a6-4295-a329-07eaff739cd3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40915", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/18098", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2025-40915\n\ud83d\udd25 CVSS Score: N/A\n\ud83d\udd39 Description: Mojolicious::Plugin::CSRF 1.03 for Perl uses a weak random number source for generating CSRF tokens.\n\nThat version of the module generates tokens as an MD5 of the process id, the current time, and a single call to the built-in rand() function.\n\ud83d\udccf Published: 2025-06-11T17:09:50.664Z\n\ud83d\udccf Modified: 2025-06-11T17:09:50.664Z\n\ud83d\udd17 References:\n1. https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/diff/GRYPHON/Mojolicious-Plugin-CSRF-1.03\n2. https://metacpan.org/release/GRYPHON/Mojolicious-Plugin-CSRF-1.04/changes", "creation_timestamp": "2025-06-11T17:34:26.000000Z"}, {"uuid": "6cad61f3-f55e-4c51-ba56-a72b9dc32dc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40915", "type": "published-proof-of-concept", "source": "Telegram/ph88y4G5oeScgD258CchMKrpr3BuS4k3KcSxkFOuLvPbbMI", "content": "", "creation_timestamp": "2025-06-11T20:16:04.000000Z"}]}