CVE-2025-15604: CWE-340 Generation of Predictable Numbers or Identifiers in TOKUHIROM Amon2
Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions. In versions 6.06 through 6.16, the random_string function will attempt to read bytes from the /dev/urandom device, but if that is unavailable then it generates bytes by concatenating a SHA-1 hash seeded with the built-in rand() function, the PID, and the high resolution epoch time. The PID will come from a small set of numbers, and the epoch time may be guessed, if it is not leaked from the HTTP Date header. The built-in rand function is unsuitable for cryptographic usage. Before version 6.06, there was no fallback when /dev/urandom was not available. Before version 6.04, the random_string function used the built-in rand() function to generate a mixed-case alphanumeric string. This function may be used for generating session ids, generating secrets for signing or encrypting cookie session data and generating tokens used for Cross Site Request Forgery (CSRF) protection.
AI Analysis
Technical Summary
CVE-2025-15604 identifies a cryptographic weakness in the random_string function of the Perl web framework Amon2, versions before 6.17. The vulnerability arises from the use of predictable random number generation methods when the preferred entropy source, /dev/urandom, is unavailable. Specifically, versions 6.06 through 6.16 attempt to read from /dev/urandom but fall back to generating bytes by concatenating a SHA-1 hash seeded with the built-in Perl rand() function, the process ID (PID), and the high-resolution epoch time. The built-in rand() function is not cryptographically secure, the PID is drawn from a small range of values, and the epoch time can be approximated or leaked (e.g., from HTTP Date headers). This combination results in low entropy and predictability of supposedly random strings. Versions before 6.06 have no fallback when /dev/urandom is unavailable, and versions before 6.04 rely solely on the insecure rand() function to generate a mixed-case alphanumeric string. The random_string function is used in security-critical contexts such as session ID generation, signing or encrypting cookie session data, and generating CSRF tokens. Predictable random values in these contexts can allow attackers to guess or reproduce tokens, leading to session hijacking, cookie forgery, or bypassing CSRF protections. Although no active exploits are reported, the vulnerability represents a significant risk to applications using affected versions of Amon2. The issue is categorized under CWE-340 (Generation of Predictable Numbers or Identifiers) and CWE-338 (Use of Cryptographically Weak Pseudo-Random Number Generator). There is no CVSS score assigned yet, and no official patches linked, but upgrading to version 6.17 or later is recommended to mitigate the issue.
Potential Impact
The vulnerability undermines the confidentiality and integrity of web applications built on affected versions of Amon2 by enabling attackers to predict or reproduce random strings used for session identifiers, cookie signing/encryption secrets, and CSRF tokens. This can lead to session hijacking, allowing attackers to impersonate legitimate users, unauthorized access to sensitive data, and bypass of CSRF protections, potentially facilitating further attacks such as privilege escalation or data manipulation. The availability impact is limited but could arise indirectly if attackers disrupt sessions or force logouts. The scope affects all applications using vulnerable Amon2 versions, especially those deployed in environments where /dev/urandom is unavailable or inaccessible, such as certain containerized or restricted systems. Since the vulnerability does not require user interaction and can be exploited remotely by predicting tokens, the risk is elevated. Organizations relying on Amon2 for web application frameworks face increased risk of compromise, data breaches, and reputational damage if unmitigated.
Mitigation Recommendations
1. Upgrade all Amon2 installations to version 6.17 or later, where the random_string function uses secure random number generation methods.
2. If upgrading is not immediately possible, implement custom cryptographically secure random string generation using Perl modules such as Crypt::URandom or Bytes::Random::Secure that rely on strong entropy sources.
3. Ensure that the runtime environment provides access to /dev/urandom or an equivalent secure entropy source; avoid running applications in restricted environments lacking such sources.
4. Review and rotate all session secrets, cookie signing keys, and CSRF tokens generated by vulnerable versions to invalidate potentially compromised tokens.
5. Employ additional layers of security such as multi-factor authentication and anomaly detection to mitigate risks from token prediction.
6. Monitor application logs for suspicious session activity or token reuse patterns.
7. Educate developers on the importance of using cryptographically secure random number generators for security-critical functions.
8. Conduct security audits and penetration testing focusing on session management and CSRF protections to detect exploitation attempts.
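One way to implement recommendation 2 with core Perl only, as an added example (not Amon2's code and not the 6.17 fix): it reads the kernel CSPRNG directly, dies instead of falling back to rand(), the PID or the clock when /dev/urandom is unreadable, and uses rejection sampling so the alphanumeric output is unbiased. The function names `urandom_bytes` and `secure_random_string` and the 32-character length are assumptions.

```perl
#!/usr/bin/env perl
# Added example, not Amon2 code: fail-closed random string generator.
use strict;
use warnings;

# Mixed-case alphanumeric alphabet (62 symbols).
my @ALPHABET = ('A' .. 'Z', 'a' .. 'z', '0' .. '9');

# Return exactly $n bytes from the kernel CSPRNG, or die.
# There is deliberately no rand()/PID/time fallback.
sub urandom_bytes {
    my ($n) = @_;
    open(my $fh, '<:raw', '/dev/urandom')
        or die "no secure entropy source (/dev/urandom): $!\n";
    my $buf = '';
    while (length($buf) < $n) {
        my $got = read($fh, $buf, $n - length($buf), length($buf));
        die "short read from /dev/urandom\n" unless $got;
    }
    close($fh);
    return $buf;
}

# Build a $len-character string. Bytes >= 248 are discarded so that
# each of the 62 symbols is equally likely (no modulo bias).
sub secure_random_string {
    my ($len) = @_;
    my $size  = scalar @ALPHABET;
    my $limit = 256 - (256 % $size);    # 248 for 62 symbols
    my $out   = '';
    while (length($out) < $len) {
        for my $byte (unpack('C*', urandom_bytes($len))) {
            next if $byte >= $limit;
            $out .= $ALPHABET[$byte % $size];
            last if length($out) == $len;
        }
    }
    return $out;
}

# 32 characters carry roughly 190 bits (32 * log2(62)).
my $token = secure_random_string(32);
die "unexpected token shape\n" unless $token =~ /\A[A-Za-z0-9]{32}\z/;
print "$token\n";
```

Failing at startup when the entropy source is missing surfaces the misconfigured environment described in recommendation 3 instead of silently issuing guessable tokens.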
Affected Countries
United States, Japan, Germany, United Kingdom, France, Canada, Australia, Netherlands, South Korea, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: CPANSec
- Date Reserved: 2026-03-08T23:56:33.670Z
- Cvss Version: null
- State: PUBLISHED
Threat ID: 69c823142b68dbd88eadbff7
Added to database: 3/28/2026, 6:51:00 PM
Last enriched: 3/28/2026, 7:06:31 PM
Last updated: 3/28/2026, 9:51:50 PM