CVE-2025-40932 - Vulnerability Analysis
High | CVSS: 8.2 | Last Updated: February 27, 2026
Apache::SessionX - Authentication Bypass
Published: February 27, 2026 | Updated: February 27, 2026 | Remote Exploitable
Overview
Apache::SessionX <= 2.01 for Perl contains a broken authentication flaw caused by insecure session ID generation: session IDs are produced with an MD5 hash over predictable seeds, which lets attackers predict session IDs and gain unauthorized access. Exploitation requires no special privileges.
Severity & Score
Severity: High
CVSS Score: 8.2
Impact
Attackers can predict session IDs to hijack sessions and gain unauthorized access to user accounts or systems.
Mitigation
Update to the latest version with secure session ID generation.
Details
- CVE ID: CVE-2025-40932
- Severity: High
- CVSS Score: 8.2
- Type: broken_authentication
- Status: unconfirmed
CWE
- CWE-338
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N