CVE-2025-40934

CVE-2025-40934 affects the Perl module XML-Sig (versions 0.27–0.67). Multiple sources confirm that unsigned XML files are incorrectly validated: an attacker can remove a signature and have the validator return true, bypassing verification. Red Hat, EU/ENISA, OSV, NVD, and security trackers corrob...