CVE-2025-40925
Starch versions 0.14 and earlier are affected. The insecure session-id generator uses a SHA-1 hash seeded with a counter, epoch time, the built‑in rand, the PID, and Perl reference addresses, making session IDs predictable and potentially enabling unauthorized access. The issue is confirmed acros...