PT-2026-29217 · Unknown · Business::Onlinepayment::Storedtransaction

Published

2026-03-31

Updated

2026-04-02

CVE-2025-15618

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Business::OnlinePayment::StoredTransaction versions through 0.01

Description The software generates a secret key using an MD5 hash of a single call to the rand function, which is not suitable for cryptographic purposes. This key is used for encrypting credit card transaction data.

Recommendations Versions prior to 0.01 should be updated.

Fix

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-693CWE-338

Related Identifiers

CVE-2025-15618

Affected Products

Business::Onlinepayment::Storedtransaction

PT-2026-29217 · Unknown · Business::Onlinepayment::Storedtransaction

CVE-2025-15618

Weakness Enumeration

Related Identifiers

Affected Products

References · 8