PT-2025-25544 · Unknown · Mojolicious::Plugin::Captchapng

Published 2025-06-16 · Updated 2025-06-16 · CVE-2025-40916

CVSS v3.1: 9.1 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Mojolicious::Plugin::CaptchaPNG version 1.05

Description

The issue concerns the use of a weak random number source for generating the captcha in Mojolicious::Plugin::CaptchaPNG for Perl. Specifically, version 1.05 utilizes the built-in rand() function to generate both the captcha text and image noise, which is insecure.

Recommendations

For Mojolicious::Plugin::CaptchaPNG version 1.05, consider updating to a newer version that addresses the weak random number source issue. As a temporary workaround, consider disabling the use of the rand() function for generating captcha text and image noise until a patch is available. Restrict access to the captcha generation functionality to minimize the risk of exploitation.
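
An added example, not code from the plugin or its author: one way to draw captcha text from the operating system's CSPRNG instead of Perl's built-in rand(), the weakness the description flags. The function names, the alphabet, and the use of /dev/urandom (a Unix-like host) are assumptions.

```perl
#!/usr/bin/env perl
# Added example: captcha text drawn from the OS CSPRNG rather than rand().
# The names os_random_bytes, uniform_index and captcha_text are hypothetical
# and are not part of Mojolicious::Plugin::CaptchaPNG.
use strict;
use warnings;

# Read exactly $n bytes from /dev/urandom (assumption: Unix-like host).
sub os_random_bytes {
    my ($n) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $buf = '';
    while (length($buf) < $n) {
        my $got = sysread($fh, $buf, $n - length($buf), length($buf));
        die "read from /dev/urandom failed: $!" unless defined $got;
        die "unexpected EOF on /dev/urandom" if $got == 0;
    }
    close($fh);
    return $buf;
}

# Uniform integer in [0, $limit) for $limit <= 256. Rejection sampling
# discards bytes at or above the cutoff so the modulo step is unbiased.
sub uniform_index {
    my ($limit) = @_;
    die "limit must be between 1 and 256" if $limit < 1 || $limit > 256;
    my $cutoff = 256 - (256 % $limit);    # largest multiple of $limit <= 256
    while (1) {
        my $byte = ord(os_random_bytes(1));
        return $byte % $limit if $byte < $cutoff;
    }
}

# Build a captcha string of $length characters chosen from $alphabet.
sub captcha_text {
    my ($length, $alphabet) = @_;
    my @chars = split //, $alphabet;
    return join '', map { $chars[ uniform_index(scalar @chars) ] } 1 .. $length;
}

# Constructed alphabet: digits and capitals with 0, 1, I and O left out.
my $alphabet = '23456789ABCDEFGHJKLMNPQRSTUVWXYZ';
print captcha_text(6, $alphabet), "\n";
```

The same byte source would also have to drive the image noise, which the description says is generated with rand() as well.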

Related Identifiers

CVE-2025-40916

Affected Products

Mojolicious::Plugin::Captchapng