Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-1860

Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

Published

2025-03-28T01:15:16.063

Last Modified

2025-09-05T14:15:43.357

Status

Awaiting Analysis

Source

9b29abf9-4ab0-4765-b253-1875cd9b441e

Severity

CVSSv3.1: 7.7 (HIGH)

Weaknesses

Type: Secondary
CWE-331
CWE-338

Affected Vendors & Products

References

https://metacpan.org/release/ZEFRAM/Data-Entropy-0.007/source/lib/Data/Entropy.pm#L80 (9b29abf9-4ab0-4765-b253-1875cd9b441e)
https://perldoc.perl.org/functions/rand (9b29abf9-4ab0-4765-b253-1875cd9b441e)
https://lists.debian.org/debian-lts-announce/2025/03/msg00026.html (af854a3a-2127-422b-91ae-364da2661108)