PT-2025-12876 · Unknown+2 · Dbix::Class::Encodedcolumn+2

Robert Rothenberg

Published

2025-03-26

Updated

2026-02-09

CVE-2025-27552

CVSS v3.1

4.0

Medium

Vector

AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions DBIx::Class::EncodedColumn versions prior to 0.00032

Description The issue arises from the use of the rand() function, which is not cryptographically secure, to salt password hashes. This is associated with program files Crypt/Eksblowfish/Bcrypt.pm.

Recommendations For versions prior to 0.00032, consider updating to a version that uses a cryptographically secure method for salting password hashes. As a temporary workaround, consider restricting the use of password hashing functions associated with DBIx::Class::EncodedColumn until a secure update is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-916CWE-338CWE-331

Related Identifiers

BDU:2026-03624

CVE-2025-27552

Affected Products

Dbix::Class::Encodedcolumn

Debian

Red Os

PT-2025-12876 · Unknown+2 · Dbix::Class::Encodedcolumn+2

CVE-2025-27552

Weakness Enumeration

Related Identifiers

Affected Products

References · 20