PT-2025-13414 · Data::Entropy

Robert Rothenberg · Published 2025-03-27 · Updated 2025-11-12 · CVE-2025-1860

CVSS v3.1: 7.7 High

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Data::Entropy versions 0.007 and earlier

Description

Data::Entropy uses the rand() function as its default source of entropy. rand() is not cryptographically secure, yet its output is used for cryptographic functions.

Recommendations

For Data::Entropy versions 0.007 and earlier, consider using a cryptographically secure source of entropy instead of the default rand() function to mitigate the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

BDU:2025-08609
CVE-2025-1860
DLA-4100-1
MGASA-2025-0279
OPENSUSE-SU-2025:0123-1
OPENSUSE-SU-2025:14960-1

Affected Products

Data::Entropy
Debian
Red Os