← back
CVE-2025-27551

DBIx::Class::EncodedColumn until 0.00032 for Perl uses insecure rand() function for salting password hashes in Digest.pm

CVSS 4 MEDIUMEPSS 0.1%CWE-331CWE-338CWE-916
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4EPSS 0.1%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
26 Mar 2025Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Digest.pm. This issue affects DBIx::Class::EncodedColumn until 0.00032.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
WREIS · DBIx::Class::EncodedColumn

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://metacpan.org/release/WREIS/DBIx-Class-EncodedColumn-0.00032/changeshttps://security.metacpan.org/docs/guides/random-data-for-security.html