PT-2025-16174 · Crypt::CBC
Robert Rothenberg
Published 2025-04-12 · Updated 2025-08-27
CVE-2025-2814
CVSS v3.1: 4.0 (Medium)
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
Name of the Vulnerable Software and Affected Versions:
Crypt::CBC versions 1.21 through 3.04
Description:
Crypt::CBC for Perl, versions 1.21 through 3.04, uses Perl's built-in rand() as its fallback source of random bytes for cryptographic values (such as the salt and initialization vector it generates). rand() is a general-purpose pseudorandom number generator, not a cryptographically secure one: its output is fully determined by a small seed and can be predicted or reproduced. The fallback is taken only on systems where "/dev/urandom" cannot be read; where the device is readable, Crypt::CBC draws its random bytes from it and the weak generator is not used.
Recommendations:
For Crypt::CBC versions 1.21 through 3.04, do not rely on the module's internal random source: supply the random values it needs (the salt and/or initialization vector, via the -salt and -iv constructor options) from a cryptographically secure generator. As a temporary workaround, avoid running Crypt::CBC in environments where "/dev/urandom" is unavailable, so that the rand() fallback is never taken. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
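The fallback condition and a hardened call pattern, as an added example that is not part of this advisory or of Crypt::CBC's own code: it reports whether /dev/urandom is readable (the condition the description names), shows that bytes drawn from a seeded rand() are reproducible, and constructs Crypt::CBC with -pbkdf 'none', -header 'none' and an explicit -iv so that the module has no random value left to generate. The CSPRNG module Crypt::URandom, the CryptX cipher backend (Crypt::Cipher::AES) and the seed value used in the demonstration are assumptions of the example, not something the advisory specifies.

```perl
#!/usr/bin/env perl
# Added example for this advisory; not code from Crypt::CBC or the advisory.
# Assumes Crypt::CBC, CryptX (for Crypt::Cipher::AES) and Crypt::URandom are installed.
use strict;
use warnings;
use Crypt::CBC;
use Crypt::URandom qw(urandom);

use constant BLOCK => 16;   # AES block size: the length Crypt::CBC expects for -iv

# 1. Precondition for the bug: Crypt::CBC 1.21..3.04 reads /dev/urandom only when
#    it is readable and otherwise falls back to rand(). Same test, for reporting.
sub urandom_readable { return -r '/dev/urandom' ? 1 : 0 }

# 2. Why the fallback matters: rand() is fully determined by its seed. Without
#    /dev/urandom the automatic seed comes from low-entropy values such as the
#    time and process id, and Perl's generator (drand48) holds only 48 bits of
#    state, so a salt or IV built from it can be reproduced by anyone who
#    guesses the seed. The seed passed in here is a constructed value.
sub rand_bytes_from_seed {
    my ($n, $seed) = @_;
    srand($seed);
    return pack('C*', map { int rand 256 } 1 .. $n);
}

# 3. Hardened use: leave Crypt::CBC nothing random to generate. -pbkdf 'none'
#    uses -key verbatim, -header 'none' disables the internal salt header, and
#    -iv supplies the IV. Key and IV both come from a CSPRNG (Crypt::URandom).
sub make_cbc {
    my ($key, $iv) = @_;
    return Crypt::CBC->new(
        -key     => $key,
        -keysize => length $key,
        -cipher  => 'Cipher::AES',   # Crypt::Cipher::AES from CryptX (assumed installed)
        -pbkdf   => 'none',
        -header  => 'none',
        -iv      => $iv,
    );
}

# Fresh IV per message, sent in the clear ahead of the ciphertext.
sub encrypt_blob {
    my ($key, $plaintext) = @_;
    my $iv = urandom(BLOCK);
    return $iv . make_cbc($key, $iv)->encrypt($plaintext);
}

sub decrypt_blob {
    my ($key, $blob) = @_;
    my $iv = substr($blob, 0, BLOCK);
    return make_cbc($key, $iv)->decrypt(substr($blob, BLOCK));
}

# --- demonstration ---------------------------------------------------------
printf "/dev/urandom readable: %s\n",
    urandom_readable() ? 'yes' : 'NO - Crypt::CBC would fall back to rand()';

# Two "independent" IVs drawn the way the fallback draws them, same guessable seed.
my $run1 = unpack 'H*', rand_bytes_from_seed(BLOCK, 1_700_000_000);
my $run2 = unpack 'H*', rand_bytes_from_seed(BLOCK, 1_700_000_000);
print "rand()-derived IV, run 1: $run1\n";
print "rand()-derived IV, run 2: $run2\n";
print $run1 eq $run2 ? "identical: whoever knows the seed knows the IV\n" : "differ\n";

# Hardened round trip with caller-supplied key and IV.
my $key  = urandom(32);                     # AES-256 key from the CSPRNG
my $blob = encrypt_blob($key, 'constructed plaintext');
my $back = decrypt_blob($key, $blob);
print 'hardened round trip: ', ($back eq 'constructed plaintext' ? 'ok' : 'FAILED'), "\n";
```

The point of the third part is that once the caller owns the key and the IV, the affected code path is never reached regardless of whether /dev/urandom exists; the IV still has to travel with the ciphertext, which is why encrypt_blob prepends it and decrypt_blob strips it off again.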
Affected Products
Crypt::CBC
Debian
RED OS