CVE-2025-2814

Source
https://cve.org/CVERecord?id=CVE-2025-2814
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2814.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-2814
Downstream
Related
Published
2025-04-12T23:41:48.511Z
Modified
2026-07-08T06:53:22.842852613Z
Severity
  • 4.0 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
Crypt::CBC versions between 1.21 and 3.05 for Perl may use insecure rand() function for cryptographic functions
Details

Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

This issue affects operating systems where "/dev/urandom'" is unavailable.  In that case, Crypt::CBC will fallback to use the insecure rand() function.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/2xxx/CVE-2025-2814.json",
    "cna_assigner": "CPANSec",
    "cwe_ids": [
        "CWE-329",
        "CWE-331",
        "CWE-338"
    ]
}
References

Affected packages

Git / github.com/cpan-authors/Lib-Crypt-CBC

Affected ranges

Type
GIT
Repo
https://github.com/cpan-authors/Lib-Crypt-CBC
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "1.21"
        },
        {
            "last_affected": "3.05"
        }
    ]
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-2814.json"