#VU106276 Use of insufficiently random values in Data-Entropy - CVE-2025-1860
Published: March 31, 2025
Vulnerability identifier: #VU106276
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-1860
CWE-ID: CWE-330
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Data-Entropy
Software vendor:
ZEFRAM
Description
The vulnerability allows an attacker to bypass implemented security restrictions.
The vulnerability exists because the software uses the rand() function as the default source of entropy, which is not cryptographically secure. A remote attacker can bypass implemented security restrictions.
Remediation
Install updates from the vendor's website.