- Description
- Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is intended for encrypting credit card transaction data.
- Source
- 9b29abf9-4ab0-4765-b253-1875cd9b441e
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 9.1
- Impact score
- 5.2
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
- Severity
- CRITICAL
- 9b29abf9-4ab0-4765-b253-1875cd9b441e
- CWE-338
- Hype score
- Not currently trending
Perl CPAN CVE-2025-15618: Business::OnlinePayment::StoredTransaction versions through 0.01 uses an insecure secret key https://t.co/dYIvXYRvLs CVE-2024-14031: Sereal::Encoder versions from 4.000 through 4.009_002 buffer overwrite in the Zstandard library https://t.co/CkEr7ggKiC
@oss_security
2 Apr 2026
422 Impressions
0 Retweets
3 Likes
1 Bookmark
1 Reply
0 Quotes
Security Advisory: CVE-2025-15618: Perl Payment Module Uses Insecure MD5/rand() Secret Key https://t.co/BGPKjSGcKr #Cybersecurity #InfoSec #CVE #PatchNow
@CosmicBytez
1 Apr 2026
110 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🔴 CVE-2025-15618 - Critical Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 ha... https://t.co/ULrBI9co04 https://t.co/8HUmLmNCHB
@TheHackerWire
31 Mar 2026
155 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-15618 Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret … https://t.co/9U3eVk8Qjh
@CVEnew
31 Mar 2026
142 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes