CVE-2025-27551

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032.

CVSS v3 4.0 MEDIUM

4.0^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.5 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changes
https://security.metacpan.org/docs/guides/random-data-for-security.html

Configurations

No configuration.

History

No history.

Information

Published : 2025-03-26 11:15

Updated : 2025-09-05 14:15

NVD link : CVE-2025-27551

Mitre link : CVE-2025-27551

CVE.ORG link : CVE-2025-27551

JSON object : View

Products Affected

No product.

CWE

CWE-331

Insufficient Entropy

CWE-338

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

CWE-916

Use of Password Hash With Insufficient Computational Effort

4.0 /10