CVE-2025-15618CRITICAL 9.1EPSS p24.4%
CVE-2025-15618CVE-2025-15618
Description
Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key.
Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use.
This key is intended for encrypting credit card transaction data.
Scoring
| CVSS 3.1 | 9.1 (CRITICAL) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |
| EPSS | 0.33% probability of exploitation · percentile 24.4% · 2026-06-18T12:00:27Z |
| Published | 2026-03-31 |
| Last modified | 2026-04-13 |
Underlying weaknesses· 2
References
2
| Type | Target | Confidence | Tier |
|---|---|---|---|
| Weakness | Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)cwe-338 | 0% | live |
| Weakness | Protection Mechanism Failurecwe-693 | 0% | live |
Related by meaning· 6
Nearest entities by semantic similarity across the cs-graph corpus.