Home / Vulnerability Intelligence / CVE-2025-40932

CVE-2025-40932 - Vulnerability Analysis

HighCVSS: 8.2

Last Updated: February 27, 2026

Apache::SessionX - Authentication Bypass

Published: February 27, 2026Updated: February 27, 2026Remote Exploitable

Overview

Apache::SessionX <= 2.01 for Perl contains a broken authentication caused by insecure session ID generation using predictable seeds in MD5 hash, letting attackers predict session IDs and gain unauthorized access, exploit requires no special privileges.

Severity & Score

Severity: High

CVSS Score: 8.2

EPSS Score: 3.1%(Probability of exploitation in next 30 days)

Impact

Attackers can predict session IDs to hijack sessions and gain unauthorized access to user accounts or systems.

Mitigation

Update to the latest version with secure session ID generation.

References

https://metacpan.org/release/GRICHTER/Apache-SessionX-2.01/source/SessionX/Generate/MD5.pm#L29

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 28, 2026

🟠 CVE-2025-40932 - High (8.2) Apache::SessionX versions through 2.01 for Perl create insecure session id. Apache::SessionX generates session ids insecurely. The default session id generator in Apache::SessionX::Generate::MD5 returns a MD5 hash seeded with the built-in rand() ... 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-40932/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-40932
Severity: High
CVSS Score: 8.2
Type: broken_authentication
Status: unconfirmed
EPSS: 3.1%
Social Posts: 1

CWE

CWE-338

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

EPSS Score

3.1%Probability of exploitation in the next 30 days