5 matches found
CVE-2025-40934
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should retur...
CVE-2025-40934
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should retur...
CVE-2025-40934 XML-Sig prior to 0.68 for Perl improperly validates XML without signatures
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should retur...
CVE-2025-40934
CVE-2025-40934 affects the Perl module XML-Sig (versions 0.27–0.67). Multiple sources confirm that unsigned XML files are incorrectly validated: an attacker can remove a signature and have the validator return true, bypassing verification. Red Hat, EU/ENISA, OSV, NVD, and security trackers corrob...
CVE-2025-40934 XML-Sig prior to 0.68 for Perl improperly validates XML without signatures
XML-Sig versions 0.27 through 0.67 for Perl incorrectly validates XML files if signatures are omitted. An attacker can remove the signature from the XML document to make it pass the verification check. XML-Sig is a Perl module to validate signatures on XML files. An unsigned XML file should retur...