CVE-2025-15618

CVSS v3.1

9.1

Critical

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key.

Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use.

This key is intended for encrypting credit card transaction data.

Fix

Protection Mechanism Failure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-693CWE-338

Related Identifiers

CVE-2025-15618

Affected Products

Business::Onlinepayment::Storedtransaction

CVE-2025-15618

Weakness Enumeration

Related Identifiers

Affected Products

References · 3