CVE-2026-25235

Summary

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0.

Affected Software

VendorProductVersion RangeStatus
pearpearweb< 1.33.0affected

Weaknesses

  • CWE-337: CWE-337: Predictable Seed in Pseudo-Random Number Generator (PRNG)

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References