Common Weakness Enumeration

CWE-331

Allowed

Insufficient Entropy

Abstraction: Base · Status: Draft

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

207 vulnerabilities reference this CWE, most recent first.

CVE-2026-4930 (GCVE-0-2026-4930)

Vulnerability from cvelistv5 – Published: 2026-06-25 18:39 – Updated: 2026-06-25 19:03
VLAI
Title
DPA Countermeasures weakening on Series 3 devices
Summary
SYMCRYPTO is the SiXG301's host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing). DPA Countermeasures on SYMCRYPTO can be weakened (reduced entropy) by forcing certain seed values if an attacker gains code execution capability on the impacted device. * Therefore, the keys loaded on SYMCRYPTO may be more vulnerable to extraction through DPA attacks than intended
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://community.silabs.com/068Vm00000sjHs3 third-party-advisorypermissions-required
Impacted products
Vendor Product Version
silabs.com Simplicity SDK Affected: 0 , ≤ *.* (semver)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4930",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-25T19:03:07.263017Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-25T19:03:41.047Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "packageName": "SiSDK",
          "product": "Simplicity SDK",
          "vendor": "silabs.com",
          "versions": [
            {
              "lessThanOrEqual": "*.*",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "SYMCRYPTO is the SiXG301\u0027s host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing).\n\u003cbr\u003e\u003cbr\u003e\u003cdiv\u003eDPA Countermeasures on SYMCRYPTO can be weakened (reduced entropy) by forcing certain seed values if an attacker gains code execution capability on the impacted device.\n\u003cbr\u003e\u003cul\u003e\u003cli\u003eTherefore, the keys loaded on SYMCRYPTO may be more vulnerable to extraction through DPA attacks than intended\u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e"
            }
          ],
          "value": "SYMCRYPTO is the SiXG301\u0027s host side hardware engine accessed by PSA crypto library that accelerates symmetric cryptographic operations (AES encryption/decryption and hashing).\n\n\nDPA Countermeasures on SYMCRYPTO can be weakened (reduced entropy) by forcing certain seed values if an attacker gains code execution capability on the impacted device.\n\n  *  Therefore, the keys loaded on SYMCRYPTO may be more vulnerable to extraction through DPA attacks than intended"
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-97",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-97 Cryptanalysis"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "PHYSICAL",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "HIGH",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:P/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:H/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-331",
              "description": "CWE-331 Insufficient entropy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-25T18:39:26.379Z",
        "orgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
        "shortName": "Silabs"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory",
            "permissions-required"
          ],
          "url": "https://community.silabs.com/068Vm00000sjHs3"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "DPA Countermeasures weakening on Series 3 devices",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "030b2754-1501-44a4-bef8-48be86a33bf4",
    "assignerShortName": "Silabs",
    "cveId": "CVE-2026-4930",
    "datePublished": "2026-06-25T18:39:26.379Z",
    "dateReserved": "2026-03-26T19:20:56.943Z",
    "dateUpdated": "2026-06-25T19:03:41.047Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-4827 (GCVE-0-2026-4827)

Vulnerability from cvelistv5 – Published: 2026-05-12 12:24 – Updated: 2026-05-14 17:38
VLAI
Title
Insufficient Entropy vulnerability on Multiple Products
Summary
CWE‑331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session‑management protections.
SSVC
Exploitation: none Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Schneider Electric Easergy MiCOM C264 Affected: Versions D6.x
Affected: Versions D7.33 and prior
Create a notification for this product.
Schneider Electric Easergy C5 Affected: Version 1.1.17 and prior
Create a notification for this product.
Schneider Electric Easergy MiCOM P30 Affected: P139 version prior to P139.678.700
Affected: P437 version prior to P437.678.700
Affected: P439 version prior to P439.678.700
Affected: P532 version prior to P532.678.700
Affected: P539 version prior to P539.678.700
Affected: P631 version prior to P631.678.700
Affected: P632 version prior to P632.678.700
Affected: P633 version prior to P633.678.700
Affected: P634 version prior to P634.678.700
Affected: P633 version P633.680.700 only
Affected: P634 version P634.680.700 only
Affected: P138 version prior to P138.677.700
Affected: P436 version prior to P436.677.701
Affected: P438 version prior to P438.677.701
Affected: P638 version prior to P638.677.700
Affected: C434 version prior to C434.679.700
Create a notification for this product.
Schneider Electric Easergy MiCOM P40 Affected: Series model numbers with Protocol Option bit as G, H or L and all firmware versions
Create a notification for this product.
Schneider Electric EcoStruxure™ Power Automation System Gateway (EPAS-GTW) Affected: Version 6.4.616.200.100 and prior
Create a notification for this product.
Schneider Electric EcoStruxure™ Power Automation System User Interface (EPAS-UI) Affected: Version 3.0.3 and prior
Create a notification for this product.
Schneider Electric EcoStruxure™ Power Operation Affected: Version 2022 CU6 and prior
Affected: Version 2024 CU2 and prior
Create a notification for this product.
Schneider Electric iPMFLS Affected: Version 64.2025.0.13 and prior
Create a notification for this product.
Schneider Electric PowerLogic™ P5 Protection Relay Affected: V02.502.103 and prior
Create a notification for this product.
Schneider Electric PowerLogic™ P7 Protection and Control Platform Affected: V02.002.002 and prior
Create a notification for this product.
Schneider Electric PowerLogic™ T300 Affected: Version 2.9.4 and prior
Create a notification for this product.
Schneider Electric PowerLogic™ T500 Affected: Version 11.08.02 and prior
Create a notification for this product.
Schneider Electric Saitel DP Affected: Version 11.06.36 and prior
Create a notification for this product.
Schneider Electric EasyLogic T150 (formerly Saitel DR) Affected: Version 11.06.30 and prior
Create a notification for this product.
Date Public
2026-05-12 16:49
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-4827",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-12T12:39:02.210471Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:39:31.579Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Easergy MiCOM C264",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Versions D6.x"
            },
            {
              "status": "affected",
              "version": "Versions D7.33 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Easergy C5",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Version 1.1.17 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Easergy MiCOM P30",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "P139 version prior to P139.678.700"
            },
            {
              "status": "affected",
              "version": "P437 version prior to P437.678.700"
            },
            {
              "status": "affected",
              "version": "P439 version prior to P439.678.700"
            },
            {
              "status": "affected",
              "version": "P532 version prior to P532.678.700"
            },
            {
              "status": "affected",
              "version": "P539 version prior to P539.678.700"
            },
            {
              "status": "affected",
              "version": "P631 version prior to P631.678.700"
            },
            {
              "status": "affected",
              "version": "P632 version prior to P632.678.700"
            },
            {
              "status": "affected",
              "version": "P633 version prior to P633.678.700"
            },
            {
              "status": "affected",
              "version": "P634 version prior to P634.678.700"
            },
            {
              "status": "affected",
              "version": "P633 version P633.680.700 only"
            },
            {
              "status": "affected",
              "version": "P634 version P634.680.700 only"
            },
            {
              "status": "affected",
              "version": "P138 version prior to P138.677.700"
            },
            {
              "status": "affected",
              "version": "P436 version prior to P436.677.701"
            },
            {
              "status": "affected",
              "version": "P438 version prior to P438.677.701"
            },
            {
              "status": "affected",
              "version": "P638 version prior to P638.677.700"
            },
            {
              "status": "affected",
              "version": "C434 version prior to C434.679.700"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Easergy MiCOM P40",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Series model numbers with Protocol Option bit as G, H or L and all firmware versions"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure\u2122 Power Automation System Gateway (EPAS-GTW)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Version 6.4.616.200.100 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure\u2122 Power Automation System User Interface (EPAS-UI)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Version 3.0.3 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EcoStruxure\u2122 Power Operation",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Version 2022 CU6 and prior"
            },
            {
              "status": "affected",
              "version": "Version 2024 CU2 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "iPMFLS",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Version 64.2025.0.13 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerLogic\u2122 P5 Protection Relay",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "V02.502.103 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerLogic\u2122 P7 Protection and Control Platform",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "V02.002.002 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerLogic\u2122 T300",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Version 2.9.4 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "PowerLogic\u2122 T500",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Version 11.08.02 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "Saitel DP",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Version 11.06.36 and prior"
            }
          ]
        },
        {
          "defaultStatus": "unaffected",
          "product": "EasyLogic T150 (formerly Saitel DR)",
          "vendor": "Schneider Electric",
          "versions": [
            {
              "status": "affected",
              "version": "Version 11.06.30 and prior"
            }
          ]
        }
      ],
      "datePublic": "2026-05-12T16:49:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "CWE\u2011331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session\u2011management protections."
            }
          ],
          "value": "CWE\u2011331: Insufficient Entropy vulnerability exists that could lead to unauthorized access when an attacker on the network can exploit weaknesses in session\u2011management protections."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "PASSIVE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-331",
              "description": "CWE-331 Insufficient entropy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-14T17:38:38.647Z",
        "orgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
        "shortName": "schneider"
      },
      "references": [
        {
          "url": "https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2026-132-02\u0026p_enDocType=Security+and+Safety+Notice\u0026p_File_Name=SEVD-2026-132-02.pdf"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Insufficient Entropy vulnerability on Multiple Products",
      "x_generator": {
        "engine": "Vulnogram 1.0.2"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "076d1eb6-cfab-4401-b34d-6dfc2a413bdb",
    "assignerShortName": "schneider",
    "cveId": "CVE-2026-4827",
    "datePublished": "2026-05-12T12:24:22.928Z",
    "dateReserved": "2026-03-25T14:07:29.111Z",
    "dateUpdated": "2026-05-14T17:38:38.647Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2878 (GCVE-0-2026-2878)

Vulnerability from cvelistv5 – Published: 2026-02-25 14:45 – Updated: 2026-02-27 17:06
VLAI
Title
Insufficient Entropy Vulnerability in Telerik UI for ASP.NET AJAX
Summary
In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Progress Software Telerik UI for ASP.NET AJAX Affected: 2011.2.712 , < 2026.1.225 (custom)
Create a notification for this product.
Credits
Monetary Authority of Singapore
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2878",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-27T17:06:09.729072Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-27T17:06:16.616Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Telerik UI for ASP.NET AJAX",
          "vendor": "Progress Software",
          "versions": [
            {
              "lessThan": "2026.1.225",
              "status": "affected",
              "version": "2011.2.712",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Monetary Authority of Singapore"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "In Progress\u00ae Telerik\u00ae UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering."
            }
          ],
          "value": "In Progress\u00ae Telerik\u00ae UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-149",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-149 Explore for Predictable Temporary File Names"
            }
          ]
        },
        {
          "capecId": "CAPEC-26",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-26 Leveraging Race Conditions"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-331",
              "description": "CWE-331 Insufficient Entropy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-25T14:45:11.142Z",
        "orgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
        "shortName": "ProgressSoftware"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.telerik.com/products/aspnet-ajax/documentation/knowledge-base/kb-security-insufficient-entropy-cve-2026-2878"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Insufficient Entropy Vulnerability in Telerik UI for ASP.NET AJAX",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f9fea0b6-671e-4eea-8fde-31911902ae05",
    "assignerShortName": "ProgressSoftware",
    "cveId": "CVE-2026-2878",
    "datePublished": "2026-02-25T14:45:11.142Z",
    "dateReserved": "2026-02-20T16:20:51.770Z",
    "dateUpdated": "2026-02-27T17:06:16.616Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2541 (GCVE-0-2026-2541)

Vulnerability from cvelistv5 – Published: 2026-02-15 11:07 – Updated: 2026-02-17 17:06
VLAI
Title
Micca KE700 Brute-force vulnerability due to low entropy
Summary
The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a brute-force attack against one component of the rolling code. Successful exploitation simplify an attacker to predict the next valid rolling code, granting unauthorized access to the vehicle.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Credits
Danilo Erazo
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2541",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-17T16:42:16.545829Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-17T17:06:46.968Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "affected",
          "product": "Car Alarm System KE700",
          "vendor": "Micca Auto Electronics Co., Ltd.",
          "versions": [
            {
              "status": "affected",
              "version": "KE700"
            },
            {
              "status": "unknown",
              "version": "KE700+"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Danilo Erazo"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a brute-force attack against one component of the rolling code. Successful exploitation simplify an attacker to predict the next valid rolling code, granting unauthorized access to the vehicle."
            }
          ],
          "value": "The Micca KE700 system relies on a 6-bit portion of an identifier for authentication within rolling codes, providing only 64 possible combinations. This low entropy allows an attacker to perform a brute-force attack against one component of the rolling code. Successful exploitation simplify an attacker to predict the next valid rolling code, granting unauthorized access to the vehicle."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-112",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-112: Brute Force"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "ADJACENT",
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "LOW",
            "subIntegrityImpact": "LOW",
            "userInteraction": "NONE",
            "valueDensity": "DIFFUSE",
            "vectorString": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:L/SA:H/V:D/RE:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "HIGH"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-331",
              "description": "CWE-331: Insufficient Entropy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-15T11:07:40.539Z",
        "orgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
        "shortName": "ASRG"
      },
      "references": [
        {
          "tags": [
            "third-party-advisory"
          ],
          "url": "https://asrg.io/security-advisories/cve-2026-2541/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cul\u003e\u003cli\u003e\u003cb\u003eIncrease entropy:\u003c/b\u003e The random component of the code must be significantly larger. A 16-bit keyspace is insecure by modern standards. A minimum of 64 bits of entropy would make a brute-force attack computationally infeasible.\u003c/li\u003e\n\u003c/ul\u003e"
            }
          ],
          "value": "*  Increase entropy: The random component of the code must be significantly larger. A 16-bit keyspace is insecure by modern standards. A minimum of 64 bits of entropy would make a brute-force attack computationally infeasible."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Micca KE700 Brute-force vulnerability due to low entropy",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c15abc07-96a9-4d11-a503-5d621bfe42ba",
    "assignerShortName": "ASRG",
    "cveId": "CVE-2026-2541",
    "datePublished": "2026-02-15T11:07:40.539Z",
    "dateReserved": "2026-02-15T10:49:23.973Z",
    "dateUpdated": "2026-02-17T17:06:46.968Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-2336 (GCVE-0-2026-2336)

Vulnerability from cvelistv5 – Published: 2026-04-16 17:02 – Updated: 2026-04-16 17:34
VLAI
Title
Weak webstax_auth Cookie Authentication Allows Privilege Escalation
Summary
A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
Microchip IStaX Affected: 0 , < 2026.03 (custom)
Create a notification for this product.
Date Public
2026-04-14 00:00
Credits
Rickard Jonsson
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-2336",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-16T17:34:33.723469Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-16T17:34:39.672Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "IStaX",
          "vendor": "Microchip",
          "versions": [
            {
              "lessThan": "2026.03",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Rickard Jonsson"
        }
      ],
      "datePublic": "2026-04-14T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own \u003ccode\u003ewebstax_auth\u003c/code\u003e session cookie and forge a new cookie with administrative privileges.\u003cp\u003eThis issue affects IStaX before 2026.03.\u003c/p\u003e"
            }
          ],
          "value": "A privilege escalation vulnerability in Microchip IStaX allows an authenticated low-privileged user to recover a shared per-device cookie secret from their own webstax_auth session cookie and forge a new cookie with administrative privileges.This issue affects IStaX before 2026.03."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "LOW",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "HIGH",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:H",
            "version": "4.0",
            "vulnAvailabilityImpact": "HIGH",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-331",
              "description": "CWE-331 Insufficient entropy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-04-16T17:02:06.352Z",
        "orgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
        "shortName": "Microchip"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.microchip.com/en-us/solutions/technologies/embedded-security/how-to-report-potential-product-security-vulnerabilities/istax-privilege-escalation-via-weak-cookie-authentication"
        }
      ],
      "source": {
        "advisory": "PSIRT-123",
        "discovery": "EXTERNAL"
      },
      "title": "Weak webstax_auth Cookie Authentication Allows Privilege Escalation",
      "workarounds": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Restrict access to the management interface to trusted networks and trusted users until devices can be upgraded."
            }
          ],
          "value": "Restrict access to the management interface to trusted networks and trusted users until devices can be upgraded."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dc3f6da9-85b5-4a73-84a2-2ec90b40fca5",
    "assignerShortName": "Microchip",
    "cveId": "CVE-2026-2336",
    "datePublished": "2026-04-16T17:02:06.352Z",
    "dateReserved": "2026-02-11T10:30:26.167Z",
    "dateUpdated": "2026-04-16T17:34:39.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-1814 (GCVE-0-2026-1814)

Vulnerability from cvelistv5 – Published: 2026-02-03 14:54 – Updated: 2026-02-26 15:04
VLAI
Title
Rapid7 Nexpose Insecure Java Keystore Password Generation
Summary
Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword() method. When updating legacy keystore passwords, the application generates a new password with insufficient length (7-12 characters) and a static prefix 'p', resulting in a weak keyspace. An attacker with access to the nsc.ks file can brute-force this password using consumer-grade hardware to decrypt stored credentials.
SSVC
Exploitation: none Automatable: no Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
URL Tags
https://www.atredis.com/disclosure exploitthird-party-advisory
Impacted products
Vendor Product Version
Rapid7 InsightVM/Nexpose Affected: 6.4.50 , < 8.36.0 (semver)
Create a notification for this product.
Credits
Justin Kennedy Atredis Partners Stephen Breen Phil Brass
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-1814",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-02-04T04:55:53.093730Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-02-26T15:04:28.129Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "modules": [
            "CredentialsKeyStorePassword class (NSCStartupService)"
          ],
          "platforms": [
            "Linux",
            "Windows"
          ],
          "product": "InsightVM/Nexpose",
          "vendor": "Rapid7",
          "versions": [
            {
              "lessThan": "8.36.0",
              "status": "affected",
              "version": "6.4.50",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Justin Kennedy"
        },
        {
          "lang": "en",
          "type": "sponsor",
          "value": "Atredis Partners"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Stephen Breen"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Phil Brass"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword() method. When updating legacy keystore passwords, the application generates a new password with insufficient length (7-12 characters) and a static prefix \u0027p\u0027, resulting in a weak keyspace. An attacker with access to the nsc.ks file can brute-force this password using consumer-grade hardware to decrypt stored credentials."
            }
          ],
          "value": "Rapid7 Nexpose versions 6.4.50 and later are vulnerable to an insufficient entropy issue in the CredentialsKeyStorePassword.generateRandomPassword() method. When updating legacy keystore passwords, the application generates a new password with insufficient length (7-12 characters) and a static prefix \u0027p\u0027, resulting in a weak keyspace. An attacker with access to the nsc.ks file can brute-force this password using consumer-grade hardware to decrypt stored credentials."
        }
      ],
      "impacts": [
        {
          "capecId": "CAPEC-112",
          "descriptions": [
            {
              "lang": "en",
              "value": "CAPEC-112 Brute Force"
            }
          ]
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "NONE",
            "attackVector": "LOCAL",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "exploitMaturity": "NOT_DEFINED",
            "privilegesRequired": "HIGH",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "HIGH",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:L/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "NONE",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-331",
              "description": "CWE-331 Insufficient Entropy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-09T19:30:52.884Z",
        "orgId": "9974b330-7714-4307-a722-5648477acda7",
        "shortName": "rapid7"
      },
      "references": [
        {
          "tags": [
            "exploit",
            "third-party-advisory"
          ],
          "url": "https://www.atredis.com/disclosure"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "InsightVM or Nexpose customers with automatic product updates enabled will receive and process this update when it is released. Customers who manually control their own update version can utilize the manual update process within the security console to update to version 8.36.0 when it is made available. We recommend those customers schedule this update as soon as reasonably possible.\u003cbr\u003e"
            }
          ],
          "value": "InsightVM or Nexpose customers with automatic product updates enabled will receive and process this update when it is released. Customers who manually control their own update version can utilize the manual update process within the security console to update to version 8.36.0 when it is made available. We recommend those customers schedule this update as soon as reasonably possible."
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Rapid7 Nexpose Insecure Java Keystore Password Generation",
      "x_generator": {
        "engine": "Vulnogram 0.5.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9974b330-7714-4307-a722-5648477acda7",
    "assignerShortName": "rapid7",
    "cveId": "CVE-2026-1814",
    "datePublished": "2026-02-03T14:54:12.073Z",
    "dateReserved": "2026-02-03T14:05:09.471Z",
    "dateUpdated": "2026-02-26T15:04:28.129Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-67504 (GCVE-0-2025-67504)

Vulnerability from cvelistv5 – Published: 2025-12-09 03:31 – Updated: 2025-12-09 15:10
VLAI
Title
WBCE CMS has Weak Random Number Generator in Password Generation Function
Summary
WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege escalation if these passwords are used for new accounts or password resets. The vulnerability is fixed in version 1.6.5.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-331 - Insufficient Entropy
  • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Assigner
Impacted products
Vendor Product Version
WBCE WBCE_CMS Affected: < 1.6.5
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-67504",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T15:10:29.392302Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-09T15:10:35.359Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/WBCE/WBCE_CMS/security/advisories/GHSA-76gj-pmvx-jcc6"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WBCE_CMS",
          "vendor": "WBCE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.6.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP\u0027s rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege escalation if these passwords are used for new accounts or password resets. The vulnerability is fixed in version 1.6.5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-331",
              "description": "CWE-331: Insufficient Entropy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-338",
              "description": "CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T03:31:17.723Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/WBCE/WBCE_CMS/security/advisories/GHSA-76gj-pmvx-jcc6",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/WBCE/WBCE_CMS/security/advisories/GHSA-76gj-pmvx-jcc6"
        },
        {
          "name": "https://github.com/WBCE/WBCE_CMS/commit/5d59fe021a5c6e469b1bf192b72ca652e54278f6",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/WBCE/WBCE_CMS/commit/5d59fe021a5c6e469b1bf192b72ca652e54278f6"
        },
        {
          "name": "https://cwe.mitre.org/data/definitions/338.html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cwe.mitre.org/data/definitions/338.html"
        },
        {
          "name": "https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/WBCE/WBCE_CMS/releases/tag/1.6.5"
        }
      ],
      "source": {
        "advisory": "GHSA-76gj-pmvx-jcc6",
        "discovery": "UNKNOWN"
      },
      "title": "WBCE CMS has Weak Random Number Generator in Password Generation Function"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-67504",
    "datePublished": "2025-12-09T03:31:17.723Z",
    "dateReserved": "2025-12-08T21:19:11.206Z",
    "dateUpdated": "2025-12-09T15:10:35.359Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-66565 (GCVE-0-2025-66565)

Vulnerability from cvelistv5 – Published: 2025-12-09 01:47 – Updated: 2025-12-09 16:03
VLAI
Title
Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values
Summary
Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (crypto/rand) fails, both functions silently fall back to returning predictable UUID values, including the zero UUID "00000000-0000-0000-0000-000000000000". The vulnerability occurs through two related but distinct failure paths, both ultimately caused by crypto/rand.Read() failures, compromising the security of all Fiber applications using these functions for security-critical operations. This issue is fixed in version 2.0.0-rc.4.
SSVC
Exploitation: poc Automatable: yes Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
  • CWE-252 - Unchecked Return Value
  • CWE-331 - Insufficient Entropy
  • CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
Assigner
References
Impacted products
Vendor Product Version
gofiber utils Affected: github.com/gofiber/utils <= 1.2.0
Affected: github.com/gofiber/utils/v2 < 2.0.0-rc.4
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-66565",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-12-09T14:16:58.759199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-12-09T16:03:03.356Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "exploit"
            ],
            "url": "https://github.com/gofiber/utils/security/advisories/GHSA-m98w-cqp3-qcqr"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "utils",
          "vendor": "gofiber",
          "versions": [
            {
              "status": "affected",
              "version": "github.com/gofiber/utils \u003c= 1.2.0"
            },
            {
              "status": "affected",
              "version": "github.com/gofiber/utils/v2 \u003c 2.0.0-rc.4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system\u0027s cryptographic random number generator (crypto/rand) fails, both functions silently fall back to returning predictable UUID values, including the zero UUID \"00000000-0000-0000-0000-000000000000\". The vulnerability occurs through two related but distinct failure paths, both ultimately caused by crypto/rand.Read() failures, compromising the security of all Fiber applications using these functions for security-critical operations. This issue is fixed in version 2.0.0-rc.4."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "attackComplexity": "LOW",
            "attackRequirements": "NONE",
            "attackVector": "NETWORK",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "privilegesRequired": "NONE",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "LOW",
            "vulnConfidentialityImpact": "HIGH",
            "vulnIntegrityImpact": "HIGH"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-252",
              "description": "CWE-252: Unchecked Return Value",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-331",
              "description": "CWE-331: Insufficient Entropy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-338",
              "description": "CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-12-09T01:47:58.430Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/gofiber/utils/security/advisories/GHSA-m98w-cqp3-qcqr",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/gofiber/utils/security/advisories/GHSA-m98w-cqp3-qcqr"
        },
        {
          "name": "https://github.com/gofiber/utils/commit/6c6cf047032b9c8dff43d29f990b4b10e9b02d47",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/gofiber/utils/commit/6c6cf047032b9c8dff43d29f990b4b10e9b02d47"
        }
      ],
      "source": {
        "advisory": "GHSA-m98w-cqp3-qcqr",
        "discovery": "UNKNOWN"
      },
      "title": "Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2025-66565",
    "datePublished": "2025-12-09T01:47:58.430Z",
    "dateReserved": "2025-12-04T16:05:22.975Z",
    "dateUpdated": "2025-12-09T16:03:03.356Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2025-62774 (GCVE-0-2025-62774)

Vulnerability from cvelistv5 – Published: 2025-10-22 00:00 – Updated: 2025-10-22 15:48
VLAI
Summary
On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps.
SSVC
Exploitation: poc Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
Impacted products
Vendor Product Version
Mercku M6a Affected: 0 , ≤ 2.1.0 (custom)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-62774",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-10-22T15:48:17.236069Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-22T15:48:43.953Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "M6a",
          "vendor": "Mercku",
          "versions": [
            {
              "lessThanOrEqual": "2.1.0",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "On Mercku M6a devices through 2.1.0, the authentication system uses predictable session tokens based on timestamps."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-331",
              "description": "CWE-331 Insufficient Entropy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-10-22T03:01:09.790Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://seclists.org/fulldisclosure/2025/Oct/10"
        },
        {
          "url": "https://blog.nullvoid.me/posts/mercku-exploits/"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-62774",
    "datePublished": "2025-10-22T00:00:00.000Z",
    "dateReserved": "2025-10-22T00:00:00.000Z",
    "dateUpdated": "2025-10-22T15:48:43.953Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2025-59015 (GCVE-0-2025-59015)

Vulnerability from cvelistv5 – Published: 2025-09-09 09:00 – Updated: 2025-09-09 19:31
VLAI
Title
Insufficient Entropy in Password Generation
Summary
A deterministic three‑character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0–12.4.36 and 13.0.0–13.4.17 reduces entropy, allowing attackers to carry out brute‑force attacks more quickly.
SSVC
Exploitation: none Automatable: no Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Impacted products
Vendor Product Version
TYPO3 TYPO3 CMS Affected: 12.0.0 , < 12.4.37 (semver)
Affected: 13.0.0 , < 13.4.18 (semver)
Create a notification for this product.
Date Public
2025-09-09 09:00
Credits
Mathias Brodala Oliver Hader
Show details on NVD website

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59015",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-09T19:31:01.239247Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-09T19:31:09.254Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://packagist.org",
          "defaultStatus": "unaffected",
          "modules": [
            "Core"
          ],
          "packageName": "typo3/cms-core",
          "product": "TYPO3 CMS",
          "repo": "https://github.com/TYPO3/typo3",
          "vendor": "TYPO3",
          "versions": [
            {
              "lessThan": "12.4.37",
              "status": "affected",
              "version": "12.0.0",
              "versionType": "semver"
            },
            {
              "lessThan": "13.4.18",
              "status": "affected",
              "version": "13.0.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "reporter",
          "value": "Mathias Brodala"
        },
        {
          "lang": "en",
          "type": "remediation developer",
          "value": "Oliver Hader"
        }
      ],
      "datePublic": "2025-09-09T09:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A deterministic three\u2011character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0\u201312.4.36 and 13.0.0\u201313.4.17 reduces entropy, allowing attackers to carry out brute\u2011force attacks more quickly."
            }
          ],
          "value": "A deterministic three\u2011character prefix in the Password Generation component of TYPO3 CMS versions 12.0.0\u201312.4.36 and 13.0.0\u201313.4.17 reduces entropy, allowing attackers to carry out brute\u2011force attacks more quickly."
        }
      ],
      "metrics": [
        {
          "cvssV4_0": {
            "Automatable": "NOT_DEFINED",
            "Recovery": "NOT_DEFINED",
            "Safety": "NOT_DEFINED",
            "attackComplexity": "HIGH",
            "attackRequirements": "PRESENT",
            "attackVector": "NETWORK",
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "privilegesRequired": "NONE",
            "providerUrgency": "NOT_DEFINED",
            "subAvailabilityImpact": "NONE",
            "subConfidentialityImpact": "NONE",
            "subIntegrityImpact": "NONE",
            "userInteraction": "NONE",
            "valueDensity": "NOT_DEFINED",
            "vectorString": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N",
            "version": "4.0",
            "vulnAvailabilityImpact": "NONE",
            "vulnConfidentialityImpact": "LOW",
            "vulnIntegrityImpact": "LOW",
            "vulnerabilityResponseEffort": "NOT_DEFINED"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-331",
              "description": "CWE-331 Insufficient Entropy",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-09T09:00:48.801Z",
        "orgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
        "shortName": "TYPO3"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://typo3.org/security/advisory/typo3-core-sa-2025-019"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Insufficient Entropy in Password Generation",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f4fb688c-4412-4426-b4b8-421ecf27b14a",
    "assignerShortName": "TYPO3",
    "cveId": "CVE-2025-59015",
    "datePublished": "2025-09-09T09:00:48.801Z",
    "dateReserved": "2025-09-07T19:01:20.436Z",
    "dateUpdated": "2025-09-09T19:31:09.254Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Mitigation
Implementation

Determine the necessary entropy to adequately provide for randomness and predictability. This can be achieved by increasing the number of bits of objects such as keys and seeds.

CAPEC-59: Session Credential Falsification through Prediction

This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.