CVE-2025-15618

Published Mar 31, 2026

Last updated a month ago

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-15618 pertains to a weakness identified in the `Business::OnlinePayment::StoredTransaction` Perl module, specifically in versions up to and including 0.01. This vulnerability arises from the module's method of generating a secret key, which is intended for the encryption of credit card transaction data. The module generates this secret key by employing an MD5 hash of a single invocation of the built-in `rand` function. This approach is considered unsuitable for cryptographic applications, as it does not produce a sufficiently robust or unpredictable key for securing sensitive information like credit card details.

Description: Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is intended for encrypting credit card transaction data.
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
NVD status: Analyzed
Products: business\

Risk scores

CVSS 3.1

Type: Secondary
Base score: 9.1
Impact score: 5.2
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Severity: CRITICAL

Weaknesses

9b29abf9-4ab0-4765-b253-1875cd9b441e: CWE-338

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mock:business\\:\\:onlinepayment\\:\\:storedtransaction:0.01:*:*:*:*:perl:*:*",
            "matchCriteriaId": "802AEA8D-5107-4BA0-997B-788A65BD0683",
            "vulnerable": true
          }
        ],
        "negate": false,
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.