- Description
- Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will default to use the insecure Crypt::Random::rand provider. In particular, Windows versions of perl will encounter this issue by default.
- Source
- 9b29abf9-4ab0-4765-b253-1875cd9b441e
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
- 9b29abf9-4ab0-4765-b253-1875cd9b441e
- CWE-338
- Hype score
- Not currently trending
🚨 CVE-2025-1828 🔴 HIGH (8.8) 🏢 perl - Crypt::Random 🏗️ 1.05 🔗 https://t.co/C95hWWhCZa 🔗 https://t.co/ZHB7L2DWs4 🔗 https://t.co/xJApwJsSCD #CyberCron #VulnAlert #InfoSec https://t.co/odPDNDwdVH
@cybercronai
12 Mar 2025
132 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
1 Quote
CVE-2025-1828 Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. Crypt::Random::rand 1.05 thro… https://t.co/fCXi7t6cdN
@CVEnew
11 Mar 2025
512 Impressions
0 Retweets
15 Likes
0 Bookmarks
0 Replies
0 Quotes