Use of insufficiently random values in Data-Entropy - CVE-2025-1860

 

Use of insufficiently random values in Data-Entropy - CVE-2025-1860

Published: March 31, 2025


Vulnerability identifier: #VU106276
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2025-1860
CWE-ID: CWE-330
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: ZEFRAM
Affected software:
Data-Entropy

Detailed vulnerability description

The vulnerability allows an attacker to bypass implemented security restrictions.

The vulnerability exists due to software uses the rand() function as the default source of entropy, which is not cryptographically secure. A remote attacker can bypass implemented security restrictions.


How to mitigate CVE-2025-1860

Install updates from vendor's website.

Sources