PT-2025-10658 · Unknown · Crypt::Random

Robert Rothenberg · Published 2025-01-03 · Updated 2025-09-29 · CVE-2025-1828

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Crypt::Random Perl package versions 1.05 through 1.55

Description: The issue arises from the use of Perl's rand() function, which is not cryptographically strong, for cryptographic purposes. Specifically, Crypt::Random::rand uses the rand() function. If no Provider is specified and neither /dev/urandom nor an Entropy Gathering Daemon (egd) service is available, Crypt::Random silently defaults to the insecure Crypt::Random::rand provider. This problem is particularly prevalent in Windows versions of Perl, where it occurs by default.

Recommendations: For Crypt::Random Perl package versions 1.05 through 1.55, specify a secure Provider explicitly, or ensure that /dev/urandom or an Entropy Gathering Daemon (egd) service is available, so that the insecure Crypt::Random::rand provider is never selected by default. As a temporary workaround, consider disabling the use of Crypt::Random::rand until a secure alternative is implemented.
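The following wrapper is an added example illustrating the recommendation above; it is not part of this advisory and not code from the Crypt::Random distribution. It picks /dev/urandom or /dev/random itself and refuses to run rather than let the module fall back to the rand provider, and it flags installed versions inside the affected range. It assumes the documented makerandom_octet(Length => ..., Provider => ...) call and the provider names 'devurandom' and 'devrandom'.

```perl
#!/usr/bin/env perl
# Added example for this advisory; not code from the Crypt::Random distribution.
# Assumes makerandom_octet(Length => ..., Provider => ...) and the provider
# names 'devurandom' and 'devrandom' as documented by Crypt::Random.
use strict;
use warnings;
use Crypt::Random qw(makerandom_octet);

# Affected range stated in the advisory (1.05 through 1.55).
my ($MIN_AFFECTED, $MAX_AFFECTED) = (1.05, 1.55);

# Report whether the installed module is inside the affected range, so the
# explicit-provider workaround below is known to be required.
sub installed_version_affected {
    my $v = $Crypt::Random::VERSION;
    return 0 unless defined $v;
    $v =~ s/^v//;    # tolerate a leading 'v'
    return ($v >= $MIN_AFFECTED && $v <= $MAX_AFFECTED) ? 1 : 0;
}

# Choose the entropy device ourselves instead of leaving it to the module,
# which falls back to Crypt::Random::Provider::rand (Perl's rand()) when
# neither /dev/urandom nor an EGD service is found. Dying is the safe
# outcome on a host with no usable device, e.g. a typical Windows Perl.
sub choose_secure_provider {
    return 'devurandom' if -r '/dev/urandom';
    return 'devrandom'  if -r '/dev/random';
    die "No /dev/urandom or /dev/random available; refusing to fall back "
      . "to the insecure Crypt::Random::Provider::rand provider\n";
}

# Every call names the provider explicitly, so the insecure fallback can
# never be selected for this process.
sub secure_octets {
    my ($length) = @_;
    die "length must be a positive integer\n"
      unless defined $length && $length =~ /^\d+$/ && $length > 0;
    return makerandom_octet(
        Length   => $length,
        Provider => choose_secure_provider(),
    );
}

if (installed_version_affected()) {
    warn "Crypt::Random $Crypt::Random::VERSION is in the affected range; "
       . "forcing an explicit provider for all calls\n";
}

my $key = secure_octets(32);    # 256 bits of key material
printf "provider=%s, got %d octets\n", choose_secure_provider(), length $key;
```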

Fix


Weakness Enumeration

Related Identifiers

BDU:2025-04035
CVE-2025-1828

Affected Products

Crypt::Random