PT-2025-43415 · Sakai · Sakai

Published 2025-10-22 · Updated 2025-10-23 · CVE-2025-62710

CVSS v3.1: 5.9
Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Sakai versions prior to 23.5
Sakai versions prior to 25.0
Description

Sakai is a Collaboration and Learning Environment. The EncryptionUtilityServiceImpl component initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random, which is a non-cryptographic pseudo-random number generator (PRNG). This PRNG can be predicted from limited state or seed information, reducing the effectiveness of the generated key. An attacker obtaining ciphertexts may be able to reconstruct the serverSecretKey and decrypt affected data.
Recommendations

Update to Sakai version 23.5 or later.
Update to Sakai version 25.0 or later.
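
The weakness class described above next to a hardened alternative, as an added example that is neither Sakai's code nor its actual fix. The class and helper names are hypothetical, and a JDK-only helper stands in for the RandomStringUtils call so the block runs without extra dependencies.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

public class SecretKeyGenerationDemo {
    private static final String ALPHABET =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

    // Hypothetical stand-in for a RandomStringUtils-style call: every
    // character of the secret is chosen by whatever Random is passed in.
    static String alphanumericFrom(Random rng, int length) {
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            sb.append(ALPHABET.charAt(rng.nextInt(ALPHABET.length())));
        }
        return sb.toString();
    }

    // Hardened form: 32 bytes (256 bits) taken directly from the platform
    // CSPRNG and encoded so the result can be stored as a text secret.
    static String secureSecret() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    public static void main(String[] args) {
        long seed = 42L; // constructed sample seed, for illustration only
        String a = alphanumericFrom(new Random(seed), 32);
        String b = alphanumericFrom(new Random(seed), 32);
        // java.util.Random keeps 48 bits of internal state, so a secret
        // derived from it carries at most 48 bits of entropy however long
        // the string is, and the same state always yields the same secret.
        System.out.println("same seed gives same secret: " + a.equals(b));

        // SecureRandom extends java.util.Random, so it can be handed to the
        // same helper when an alphanumeric secret is required.
        String c = alphanumericFrom(new SecureRandom(), 32);
        String d = secureSecret();
        System.out.println("CSPRNG alphanumeric length: " + c.length());
        System.out.println("CSPRNG base64url length: " + d.length());
    }
}
```

When reviewing other code for the same pattern, look for secrets, tokens or passwords built from java.util.Random, Math.random() or random-string helpers that are not given a SecureRandom.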

Related Identifiers

CVE-2025-62710
GHSA-GR7H-XW4F-WH86

Affected Products

Sakai