PT-2025-48197 · Xml-Sig · Xml::Sig

Gttds · Published 2025-11-26 · Updated 2025-12-30 · CVE-2025-40934

CVSS v3.1: 9.3 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:H/A:N
Name of the Vulnerable Software and Affected Versions

XML-Sig versions 0.27 through 0.67

Description

The Perl module XML-Sig does not correctly validate XML files when signatures are absent. An attacker can remove a signature from an XML document, causing the verification check to pass incorrectly. An unsigned XML file should normally return an error, but the affected versions return a successful validation result when no signature is present.

Recommendations

Update to a version of XML-Sig greater than 0.67.
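
One way for a caller to fail closed on the condition described above, as an added example (not code from this advisory or from the XML-Sig project): it rejects any document with no `ds:Signature` element before the library's result is consulted. `verify_or_reject`, `AlwaysTrueVerifier` and the sample document are constructed for illustration; the verifier is assumed to expose a `verify($xml)` method, as XML::Sig does.

```perl
#!/usr/bin/env perl
# Added example: reject unsigned XML before trusting a verify() result.
use strict;
use warnings;
use XML::LibXML;
use XML::LibXML::XPathContext;

my $DSIG_NS = 'http://www.w3.org/2000/09/xmldsig#';

# verify_or_reject($xml, $verifier) returns 1 on success and dies otherwise.
# $verifier is any object with a verify($xml) method (assumption: an
# XML::Sig instance in real use).
sub verify_or_reject {
    my ($xml, $verifier) = @_;

    # The input is untrusted: no network fetches, no entity expansion.
    my $doc = XML::LibXML->load_xml(
        string => $xml, no_network => 1, expand_entities => 0,
    );
    my $xpc = XML::LibXML::XPathContext->new($doc);
    $xpc->registerNs(ds => $DSIG_NS);

    # Match on the namespace URI, not on whatever prefix the sender chose.
    my @sigs = $xpc->findnodes('//ds:Signature');
    die "rejected: document contains no ds:Signature element\n" unless @sigs;

    # Only now hand the document to the library for the cryptographic check.
    $verifier->verify($xml)
        or die "rejected: signature verification failed\n";
    return 1;
}

# Constructed stand-in that reports success for anything it is given, which
# is what the advisory says affected versions do for unsigned input.
package AlwaysTrueVerifier {
    sub new    { bless {}, shift }
    sub verify { 1 }
}

package main;

# Constructed sample: a document that carries no signature at all.
my $unsigned = '<Order id="o1"><Amount>100</Amount></Order>';

my $ok = eval { verify_or_reject($unsigned, AlwaysTrueVerifier->new) };
print $ok ? "accepted\n" : "error: $@";
```

The guard covers only the missing-signature case described here; updating past 0.67 remains the fix.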

Fix

Weakness Enumeration

Improper Verification of Cryptographic Signature

Related Identifiers

CVE-2025-40934

Affected Products

Xml::Sig