CVE-2025-15618

N/A Unknown

Published: March 31, 2026 Modified: March 31, 2026

Description

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is intended for encrypting credit card transaction data.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://metacpan.org/dist/Business-OnlinePayment-StoredTransaction/source/lib/Business/OnlinePayment/StoredTransaction.pm#L64-75

Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e

https://security.metacpan.org/patches/B/Business-OnlinePayment-StoredTransaction/0.01/CVE-2025-15618-r1.patch

Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e

2 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-338 CWE-693

Related CVEs

CVE-2026-5198 7.3

CVE-2026-4267 7.2

CVE-2026-3191 5.4

CVE-2026-3139 4.3

CVE-2026-34509 7.5