Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.8
Maypole for Perl: Insecure Session ID Generation
CVE-2025-15578
Summary
The Maypole library for Perl generates session IDs in a way that could allow an attacker to guess or predict them. This is a security risk because an attacker might be able to hijack user sessions or access sensitive information. To fix this, upgrade to a newer version of Maypole, such as 2.14 or later.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| teejay | maypole | > 2.10 , <= 2.13 | – |
| teejay | maypole | 2.111 | – |
| teejay | maypole | 2.121 | – |
Original title
Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built...
Original description
Maypole versions from 2.10 through 2.13 for Perl generates session ids insecurely. The session id is seeded with the system time (which is available from HTTP response headers), a call to the built-in rand() function, and the PID.
nvd CVSS3.1
9.8
Vulnerability type
CWE-338
Published: 16 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026