Use of insufficiently random values in Data-Entropy - CVE-2025-1860
Published: March 31, 2025
Vulnerability identifier: #VU106276
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-1860
CWE-ID: CWE-330
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: ZEFRAM
Affected software:
Data-Entropy
Data-Entropy
Detailed vulnerability description
The vulnerability allows an attacker to bypass implemented security restrictions.
The vulnerability exists due to software uses the rand() function as the default source of entropy, which is not cryptographically secure. A remote attacker can bypass implemented security restrictions.
How to mitigate CVE-2025-1860
Install updates from vendor's website.