{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-25T05:36:42.127","vulnerabilities":[{"cve":{"id":"CVE-2025-2814","sourceIdentifier":"9b29abf9-4ab0-4765-b253-1875cd9b441e","published":"2025-04-13T00:15:14.997","lastModified":"2026-06-17T09:07:39.950","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.\n\nThis issue affects operating systems where \"/dev/urandom'\" is unavailable.  In that case, Crypt::CBC will fallback to use the insecure rand() function."},{"lang":"es","value":"Las versiones de Crypt::CBC entre la 1.21 y la 3.04 para Perl pueden usar la función rand() como fuente predeterminada de entropía, la cual no es criptográficamente segura, para funciones criptográficas. Este problema afecta a sistemas operativos donde \"/dev/urandom'\" no está disponible. En ese caso, Crypt::CBC recurrirá a la función rand(), que no es segura."}],"affected":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","affectedData":[{"vendor":"LDS","product":"Crypt::CBC","defaultStatus":"unaffected","collectionURL":"https://cpan.org/modules","packageName":"Crypt-CBC","programFiles":["lib/Crypt/CBC.pm"],"repo":"https://github.com/lstein/Lib-Crypt-CBC","versions":[{"version":"1.21","lessThanOrEqual":"3.05","versionType":"custom","status":"affected"}]}]}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":2.5,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2025-04-14T18:21:53.532777Z","id":"CVE-2025-2814","options":[{"exploitation":"none"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"weaknesses":[{"source":"9b29abf9-4ab0-4765-b253-1875cd9b441e","type":"Secondary","description":[{"lang":"en","value":"CWE-329"},{"lang":"en","value":"CWE-331"},{"lang":"en","value":"CWE-338"}]},{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","description":[{"lang":"en","value":"CWE-338"}]}],"references":[{"url":"https://github.com/lstein/Lib-Crypt-CBC/commit/37111f7cd894bcec46156ba7f40a49c126ebf535.patch","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://metacpan.org/dist/Crypt-CBC/source/lib/Crypt/CBC.pm#L777","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://perldoc.perl.org/functions/rand","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"},{"url":"https://security.metacpan.org/docs/guides/random-data-for-security.html","source":"9b29abf9-4ab0-4765-b253-1875cd9b441e"}]}}]}