CVE-2025-27551

Summary

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes.

This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm.

This issue affects DBIx::Class::EncodedColumn until 0.00032.

Affected Software

VendorProductVersion RangeStatus
WREISDBIx::Class::EncodedColumn0 < 0.00032affected

Weaknesses

  • CWE-338: CWE-338 Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
  • CWE-916: CWE-916 Use of Password Hash With Insufficient Computational Effort
  • CWE-331: CWE-331 Insufficient Entropy

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References