CVE-2025-15618
Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key
CVSS Score
9.1
EPSS Score
0.0%
EPSS Percentile
6th
Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is intended for encrypting credit card transaction data.
| CWE | CWE-338 CWE-693 |
| Vendor | mock |
| Product | business::onlinepayment::storedtransaction |
| Published | Mar 31, 2026 |
| Last Updated | Mar 31, 2026 |
Stay Ahead of the Next One
Get instant alerts for mock business::onlinepayment::storedtransaction
Be the first to know when new critical vulnerabilities affecting mock business::onlinepayment::storedtransaction are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
MOCK / Business::OnlinePayment::StoredTransaction
0 โค 0.01
References
metacpan.org: https://metacpan.org/dist/Business-OnlinePayment-StoredTransaction/source/lib/Business/OnlinePayment/StoredTransaction.pm#L64-75 security.metacpan.org: https://security.metacpan.org/patches/B/Business-OnlinePayment-StoredTransaction/0.01/CVE-2025-15618-r1.patch openwall.com: http://www.openwall.com/lists/oss-security/2026/03/31/7