Unknown · Formidable · CVE-2025-46653
**Name of the Vulnerable Software and Affected Versions**
Formidable versions 2.1.0 through 3.x before 3.5.3
**Description**
The issue relies on hexoid to prevent guessing of filenames for untrusted executable content. However, hexoid is documented as not cryptographically secure. There is a scenario in which only the last two characters of a hexoid string need to be guessed.
**Recommendations**
For versions 2.1.0 through 3.x before 3.5.3, update to version 3.5.3 or later to resolve the issue.