Vulnerability in Gryphon Mojolicious::plugin::captchapng
CVE-2025-40916
Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha. That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.
EPSS: 0.003 (52.0th percentile) — read the EPSS interpretation.
Affected products
- Gryphon Mojolicious::plugin::captchapng — versions 1.05