CVE-2025-15618

CRITICAL EPSS 24.5%
Published Mar 31, 2026 (3mo ago) · Last Modified Jun 17, 2026 (2w ago)
9.1 CVSS 3.1
Critical

Description

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl use an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by taking an MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is intended for encrypting credit card transaction data.

CVSS Details

Base Score
9.1
Exploitability
3.9
Impact
5.2
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality High
Integrity High
Availability None

Threat Intelligence

EPSS Exploit Probability
24.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-338
CWE-693

Affected Products 1

Vendor    Product       Version Range
mock      business\\    any

References 3

  • openwall.com http://www.openwall.com/lists/oss-security/2026/03/31/7
    Mailing List, Third Party Advisory
  • metacpan.org https://metacpan.org/dist/Business-OnlinePayment-StoredTransaction/source/lib/Business/OnlinePayment/StoredTransaction.pm#L64-75
    Product
  • security.metacpan.org https://security.metacpan.org/patches/B/Business-OnlinePayment-StoredTransaction/0.01/CVE-2025-15618-r1.patch
    Patch

Remediation

  • security.metacpan.org https://security.metacpan.org/patches/B/Business-OnlinePayment-StoredTransaction/0.01/CVE-2025-15618-r1.patch
    Patch