Impact
CryptX versions prior to 0.088 for Perl do not reseed the state of the Crypt::PK pseudo‑random number generator after a process fork. The Crypt::PK::* classes seed a dedicated PRNG during construction and then reuse that state without detecting forking, meaning a Crypt::PK::* object created before fork shares an identical PRNG state with every child process. Operations that rely on this PRNG, such as key generation or signature creation, can thus produce identical outcomes across processes. This nonce‑reuse flaw enables an attacker who can obtain distinct ECDSA or DSA signatures from separate processes to recover the signing private key, resulting in full key compromise.
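As an added check (not part of this advisory or of the CryptX distribution), the following Perl script reproduces the shared-state pattern described above: it forks several workers that sign the same message with a Crypt::PK::ECC object created in the parent and reports whether any two workers produced byte-identical signatures, which is the visible symptom of a repeated ECDSA nonce. The worker count, message and curve are assumptions; passing any argument switches on the mitigation, which rebuilds the key object inside each child from the exported key so the child seeds its own PRNG.

```perl
#!/usr/bin/perl
# Added example, not from the advisory or the CryptX distribution.
# Detects the fork-PRNG problem: workers that inherit a Crypt::PK object
# from the parent share its PRNG state, so the random ECDSA nonce repeats and
# the signatures over one message come out byte-identical.
use strict;
use warnings;
use Crypt::PK::ECC;

my $WORKERS          = 4;                    # assumption: number of forked workers
my $FRESH_PER_WORKER = @ARGV ? 1 : 0;        # any argument = apply the mitigation
my $msg              = 'constructed test message';

# Key object built in the parent, the pattern a preforking server would use.
my $pk = Crypt::PK::ECC->new;
$pk->generate_key('secp256r1');
my $der = $pk->export_key_der('private');    # carried into children as bytes

my %seen;
for my $n (1 .. $WORKERS) {
    pipe(my $rd, my $wr) or die "pipe: $!";
    defined(my $pid = fork) or die "fork: $!";
    if ($pid == 0) {                          # child
        close $rd;
        my $signer = $pk;                     # inherited object => inherited PRNG state
        if ($FRESH_PER_WORKER) {
            # Mitigation: a new object is constructed after fork, so its PRNG is
            # seeded in this process instead of being copied from the parent.
            $signer = Crypt::PK::ECC->new;
            $signer->import_key(\$der);
        }
        print {$wr} unpack('H*', $signer->sign_message($msg, 'SHA256'));
        close $wr;
        exit 0;
    }
    close $wr;                                # parent
    my $sig = do { local $/; <$rd> };
    close $rd;
    waitpid($pid, 0);
    $seen{$sig}++;
}

my $distinct = scalar keys %seen;
if ($distinct < $WORKERS) {
    print "VULNERABLE: $WORKERS workers, only $distinct distinct signatures (nonce reuse)\n";
    exit 1;
}
print "ok: all $WORKERS workers produced distinct signatures\n";
```

Run it once with no arguments against the installed CryptX to see whether the inherited object yields colliding signatures, then with any argument to confirm that per-worker construction removes the collision.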
Affected Systems
The vulnerability impacts any Perl application that loads CryptX before version 0.088, specifically the Crypt::PK::RSA, Crypt::PK::DSA, Crypt::PK::DH, Crypt::PK::ECC, Crypt::PK::Ed25519, and Crypt::PK::X25519 modules. Commonly affected environments include preforking web servers such as Starman that instantiate Crypt::PK::* objects at startup and inherit them in worker processes.
Risk and Exploitability
The CVSS score of 7.5 indicates a high severity, while the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not listed in CISA KEV, implying it has not been widely confirmed as actively exploited. An attacker would need the ability to trigger cryptographic operations in separate forked processes, which can be achieved through a preforking service that exposes signature or key‑generation functions, or by collecting the outputs of operations that different workers perform with key objects created before the fork. Once two distinct signatures from different processes are available, key recovery is straightforward. The attack is considered local or requires out‑of‑band access unless the application publicly exposes the cryptographic functions. Because the flaw allows key material reuse across workers, the risk extends to all users of a preforking application that does not reseed the PRNG after fork.
OpenCVE Enrichment