Mojolicious::Plugin::CaptchaPNG version 1.05 for Perl uses a weak random number source for generating the captcha.
That version uses the built-in rand() function for generating the captcha text as well as image noise, which is insecure.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40916.json",
"cna_assigner": "CPANSec",
"cwe_ids": [
"CWE-338",
"CWE-804"
]
}