CWE-330
Use of Insufficiently Random Values
The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.
CVE-2023-29332 (GCVE-0-2023-29332)
Vulnerability from cvelistv5
Published
2023-09-12 16:58
Modified
2025-10-30 18:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-330 - Use of Insufficiently Random Values
Summary
Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Microsoft | Azure Kubernetes Service |
Version: 1.0 < VHD 202308 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:07:45.624Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-29332",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-26T21:50:20.635220Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-27T20:54:08.046Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"Unknown"
],
"product": "Azure Kubernetes Service",
"vendor": "Microsoft",
"versions": [
{
"lessThan": "VHD 202308",
"status": "affected",
"version": "1.0",
"versionType": "custom"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:microsoft:azure_kubernetes_service:*:*:*:*:*:*:*:*",
"versionEndExcluding": "VHD 202308",
"versionStartIncluding": "1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"datePublic": "2023-09-12T07:00:00.000Z",
"descriptions": [
{
"lang": "en-US",
"value": "Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability"
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en-US",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en-US",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-30T18:17:39.232Z",
"orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"shortName": "microsoft"
},
"references": [
{
"name": "Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability",
"tags": [
"vendor-advisory"
],
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-29332"
}
],
"title": "Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability"
}
},
"cveMetadata": {
"assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
"assignerShortName": "microsoft",
"cveId": "CVE-2023-29332",
"datePublished": "2023-09-12T16:58:34.444Z",
"dateReserved": "2023-04-04T22:34:18.379Z",
"dateUpdated": "2025-10-30T18:17:39.232Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2023-30797 (GCVE-0-2023-30797)
Vulnerability from cvelistv5
Published
2023-04-19 19:10
Modified
2025-11-21 16:10
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-330 - Use of Insufficiently Random Values
Summary
Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T14:37:15.447Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-001.md"
},
{
"tags": [
"patch",
"x_transferred"
],
"url": "https://github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238"
},
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm"
},
{
"tags": [
"third-party-advisory",
"x_transferred"
],
"url": "https://vulncheck.com/advisories/netflix-lemur-weak-rng"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-30797",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T14:49:23.482600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T14:50:36.951Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pypi.org/project/lemur/",
"defaultStatus": "unaffected",
"packageName": "lemur",
"product": "Lemur",
"repo": "https://github.com/Netflix/lemur",
"vendor": "Netflix",
"versions": [
{
"lessThan": "1.3.2",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netflix:lemur:*:*:*:*:*:*:*:*",
"versionEndExcluding": "1.3.2",
"versionStartIncluding": "0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"datePublic": "2023-02-28T15:41:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eNetflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Netflix Lemur before version 1.3.2 used insufficiently random values when generating default credentials. The insufficiently random values may allow an attacker to guess the credentials and gain access to resources managed by Lemur."
}
],
"impacts": [
{
"capecId": "CAPEC-112",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-112 Brute Force"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T16:10:24.442Z",
"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"shortName": "VulnCheck"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2023-001.md"
},
{
"tags": [
"patch"
],
"url": "https://github.com/Netflix/lemur/commit/666d853212174ee7f4e6f8b3b4b389ede1872238"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://github.com/Netflix/lemur/security/advisories/GHSA-5fqv-mpj8-h7gm"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://vulncheck.com/advisories/netflix-lemur-weak-rng"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Insecure Random Generation in Netflix Lemur",
"x_generator": {
"engine": "vulncheck"
}
}
},
"cveMetadata": {
"assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10",
"assignerShortName": "VulnCheck",
"cveId": "CVE-2023-30797",
"datePublished": "2023-04-19T19:10:12.523Z",
"dateReserved": "2023-04-18T10:31:45.962Z",
"dateUpdated": "2025-11-21T16:10:24.442Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-52615 (GCVE-0-2024-52615)
Vulnerability from cvelistv5
Published
2024-11-21 20:34
Modified
2025-11-11 09:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-330 - Use of Insufficiently Random Values
Summary
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Version: 0 ≤ |
||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-52615",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T21:06:27.515199Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T21:12:09.339Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/avahi/avahi/",
"defaultStatus": "unaffected",
"packageName": "avahi",
"versions": [
{
"lessThan": "0.9",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.9~rc2-1.el10_0.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.8-22.el9_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::crb",
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:0.8-22.el9_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "avahi",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"datePublic": "2024-11-15T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T09:29:37.295Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:11402",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:11402"
},
{
"name": "RHSA-2025:16441",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:16441"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-52615"
},
{
"name": "RHBZ#2326418",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2326418"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-11-15T08:39:36.023000+00:00",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2024-11-15T00:00:00+00:00",
"value": "Made public."
}
],
"title": "Avahi: avahi wide-area dns uses constant source port",
"x_redhatCweChain": "CWE-330: Use of Insufficiently Random Values"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-52615",
"datePublished": "2024-11-21T20:34:00.981Z",
"dateReserved": "2024-11-15T08:38:03.183Z",
"dateUpdated": "2025-11-11T09:29:37.295Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-10671 (GCVE-0-2025-10671)
Vulnerability from cvelistv5
Published
2025-09-18 14:32
Modified
2025-09-19 17:10
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\JwtUtils.java of the component JWT Token Handler. The manipulation leads to insufficiently random values. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used.
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| youth-is-as-pale-as-poetry | e-learning |
Version: 1.0 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10671",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-19T17:01:58.559280Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-19T17:10:06.866Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"JWT Token Handler"
],
"product": "e-learning",
"vendor": "youth-is-as-pale-as-poetry",
"versions": [
{
"status": "affected",
"version": "1.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "chen_yun_n (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\\exam-api\\src\\main\\java\\com\\yf\\exam\\ability\\shiro\\jwt\\JwtUtils.java of the component JWT Token Handler. The manipulation leads to insufficiently random values. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used."
},
{
"lang": "de",
"value": "Eine Schwachstelle wurde in youth-is-as-pale-as-poetry e-learning 1.0 gefunden. Es betrifft die Funktion encryptSecret der Datei e-learning-master\\exam-api\\src\\main\\java\\com\\yf\\exam\\ability\\shiro\\jwt\\JwtUtils.java der Komponente JWT Token Handler. Mittels Manipulieren mit unbekannten Daten kann eine insufficiently random values-Schwachstelle ausgenutzt werden. Der Angriff kann remote ausgef\u00fchrt werden. Das Durchf\u00fchren eines Angriffs ist mit einer relativ hohen Komplexit\u00e4t verbunden. Das Ausnutzen gilt als schwierig. Die Schwachstelle wurde \u00f6ffentlich offengelegt und k\u00f6nnte ausgenutzt werden."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-310",
"description": "Cryptographic Issues",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-18T14:32:05.630Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-324792 | youth-is-as-pale-as-poetry e-learning JWT Token JwtUtils.java encryptSecret random values",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.324792"
},
{
"name": "VDB-324792 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.324792"
},
{
"name": "Submit #653029 | https://gitee.com/youth-is-as-pale-as-poetry/e-learning ExamSystem V1.0 Authentication Bypass Issues",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.653029"
},
{
"tags": [
"exploit"
],
"url": "https://github.com/SuJing-cy/CVE/blob/main/yfhl.md"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-18T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-09-18T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-09-18T07:45:34.000Z",
"value": "VulDB entry last update"
}
],
"title": "youth-is-as-pale-as-poetry e-learning JWT Token JwtUtils.java encryptSecret random values"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-10671",
"datePublished": "2025-09-18T14:32:05.630Z",
"dateReserved": "2025-09-18T05:40:30.834Z",
"dateUpdated": "2025-09-19T17:10:06.866Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-10745 (GCVE-0-2025-10745)
Vulnerability from cvelistv5
Published
2025-09-26 03:25
Modified
2025-09-26 19:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-330 - Use of Insufficiently Random Values
Summary
The Banhammer – Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable to Blocking Bypass in all versions up to, and including, 3.4.8. This is due to a site-wide “secret key” being deterministically generated from a constant character set using md5() and base64_encode() and then stored in the `banhammer_secret_key` option. This makes it possible for unauthenticated attackers to bypass the plugin’s logging and blocking by appending a GET parameter named `banhammer-process_{SECRET}` where `{SECRET}` is the predictable value, thereby causing Banhammer to abort its protections for that request.
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| specialk | Banhammer – Monitor Site Traffic, Block Bad Users and Bots |
Version: * ≤ 3.4.8 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-10745",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-09-26T19:32:14.193040Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T19:32:24.596Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots",
"vendor": "specialk",
"versions": [
{
"lessThanOrEqual": "3.4.8",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Jonas Benjamin Friedli"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots plugin for WordPress is vulnerable to Blocking Bypass in all versions up to, and including, 3.4.8. This is due to a site-wide \u201csecret key\u201d being deterministically generated from a constant character set using md5() and base64_encode() and then stored in the `banhammer_secret_key` option. This makes it possible for unauthenticated attackers to bypass the plugin\u2019s logging and blocking by appending a GET parameter named `banhammer-process_{SECRET}` where `{SECRET}` is the predictable value, thereby causing Banhammer to abort its protections for that request."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-26T03:25:34.436Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/97c46a13-6981-426f-b24a-c9820657042f?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-functions.php#L336"
},
{
"url": "https://plugins.trac.wordpress.org/browser/banhammer/trunk/inc/banhammer-core.php#L101"
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3365979%40banhammer\u0026new=3365979%40banhammer\u0026sfp_email=\u0026sfph_mail="
},
{
"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3365087%40banhammer\u0026new=3365087%40banhammer\u0026sfp_email=\u0026sfph_mail="
}
],
"timeline": [
{
"lang": "en",
"time": "2025-09-19T20:59:34.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-09-25T14:27:24.000+00:00",
"value": "Disclosed"
}
],
"title": "Banhammer \u2013 Monitor Site Traffic, Block Bad Users and Bots \u003c= 3.4.8 - Unauthenticated Protection Mechanism Bypass"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-10745",
"datePublished": "2025-09-26T03:25:34.436Z",
"dateReserved": "2025-09-19T19:27:00.940Z",
"dateUpdated": "2025-09-26T19:32:24.596Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-12787 (GCVE-0-2025-12787)
Vulnerability from cvelistv5
Published
2025-11-11 11:03
Modified
2025-11-14 15:29
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-330 - Use of Insufficiently Random Values
Summary
The Hydra Booking — Appointment Scheduling & Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin's "tfhb_meeting_form_submit_callback" function using insufficiently random values to generate booking cancellation tokens, combined with a globally shared nonce. This makes it possible for unauthenticated attackers to cancel arbitrary bookings via brute force attacks against the tfhb_meeting_form_cencel AJAX endpoint.
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| themefic | Hydra Booking — Appointment Scheduling & Booking Calendar |
Version: * ≤ 1.1.27 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-12787",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-14T15:24:03.918929Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-14T15:29:36.323Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Hydra Booking \u2014 Appointment Scheduling \u0026 Booking Calendar",
"vendor": "themefic",
"versions": [
{
"lessThanOrEqual": "1.1.27",
"status": "affected",
"version": "*",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Ahmad Salem"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Hydra Booking \u2014 Appointment Scheduling \u0026 Booking Calendar plugin for WordPress is vulnerable to unauthorized booking cancellation in all versions up to, and including, 1.1.27. This is due to the plugin\u0027s \"tfhb_meeting_form_submit_callback\" function using insufficiently random values to generate booking cancellation tokens, combined with a globally shared nonce. This makes it possible for unauthenticated attackers to cancel arbitrary bookings via brute force attacks against the tfhb_meeting_form_cencel AJAX endpoint."
}
],
"metrics": [
{
"cvssV3_1": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-11T11:03:45.316Z",
"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"shortName": "Wordfence"
},
"references": [
{
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/490dd84f-7c03-43c7-b4e1-167fa2b15c03?source=cve"
},
{
"url": "https://plugins.trac.wordpress.org/changeset/3392864/hydra-booking/tags/1.1.28/app/Shortcode/HydraBookingShortcode.php?old=3392467\u0026old_path=hydra-booking%2Ftags%2F1.1.27%2Fapp%2FShortcode%2FHydraBookingShortcode.php"
}
],
"timeline": [
{
"lang": "en",
"time": "2025-10-28T00:00:00.000+00:00",
"value": "Discovered"
},
{
"lang": "en",
"time": "2025-11-06T00:26:23.000+00:00",
"value": "Vendor Notified"
},
{
"lang": "en",
"time": "2025-11-10T22:27:05.000+00:00",
"value": "Disclosed"
}
],
"title": "Hydra Booking \u2013 All in One Appointment Booking System | Appointment Scheduling, Booking Calendar \u0026 WooCommerce Bookings \u003c= 1.1.27 - Unauthenticated Arbitrary Booking Cancellation via Weak Hash Generation"
}
},
"cveMetadata": {
"assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
"assignerShortName": "Wordfence",
"cveId": "CVE-2025-12787",
"datePublished": "2025-11-11T11:03:45.316Z",
"dateReserved": "2025-11-05T23:23:11.777Z",
"dateUpdated": "2025-11-14T15:29:36.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-13470 (GCVE-0-2025-13470)
Vulnerability from cvelistv5
Published
2025-11-21 17:05
Modified
2025-11-21 17:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-330 - Use of Insufficiently Random Values
Summary
In RNP version 0.18.0 a refactoring regression causes the symmetric
session key used for Public-Key Encrypted Session Key (PKESK) packets to
be left uninitialized except for zeroing, resulting in it always being
an all-zero byte array.
Any data encrypted using public-key encryption
in this release can be decrypted trivially by supplying an all-zero
session key, fully compromising confidentiality.
The vulnerability affects only public key encryption (PKESK packets). Passphrase-based encryption (SKESK packets) is not affected.
Root cause: Vulnerable session key buffer used in PKESK packet generation.
The defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization
logic inside `encrypted_build_skesk()` only randomized the key for the
SKESK path and omitted it for the PKESK path.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-13470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-21T17:35:25.938705Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T17:35:33.645Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "RNP",
"repo": "https://github.com/rnpgp/rnp",
"vendor": "Ribose",
"versions": [
{
"status": "affected",
"version": "0.18.0"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Johannes Roth (MTG AG)"
}
],
"datePublic": "2025-11-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eIn RNP version 0.18.0 a refactoring regression causes the symmetric \nsession key used for Public-Key Encrypted Session Key (PKESK) packets to\n be left uninitialized except for zeroing, resulting in it always being \nan all-zero byte array.\u003c/p\u003e\u003cp\u003eAny data encrypted using public-key encryption \nin this release can be decrypted trivially by supplying an all-zero \nsession key, fully compromising confidentiality.\u003cbr\u003e\u003cbr\u003eThe vulnerability affects only public key encryption (PKESK packets).\u0026nbsp; Passphrase-based encryption (SKESK packets) is not affected.\u003cbr\u003e\u003cbr\u003eRoot cause: Vulnerable session key buffer used in PKESK packet generation.\u003cbr\u003e\u003c/p\u003e\n\u003cp\u003eThe defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization \nlogic inside `encrypted_build_skesk()` only randomized the key for the \nSKESK path and omitted it for the PKESK path.\u003c/p\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "In RNP version 0.18.0 a refactoring regression causes the symmetric \nsession key used for Public-Key Encrypted Session Key (PKESK) packets to\n be left uninitialized except for zeroing, resulting in it always being \nan all-zero byte array.\n\nAny data encrypted using public-key encryption \nin this release can be decrypted trivially by supplying an all-zero \nsession key, fully compromising confidentiality.\n\nThe vulnerability affects only public key encryption (PKESK packets).\u00a0 Passphrase-based encryption (SKESK packets) is not affected.\n\nRoot cause: Vulnerable session key buffer used in PKESK packet generation.\n\n\n\nThe defect was introduced in commit `7bd9a8dc356aae756b40755be76d36205b6b161a` where initialization \nlogic inside `encrypted_build_skesk()` only randomized the key for the \nSKESK path and omitted it for the PKESK path."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cul\u003e\u003cli\u003eDecryption succeeds for affected ciphertext using an all-zero session key.\u003c/li\u003e\u003cli\u003eAttack requires only possession of the ciphertext.\u003c/li\u003e\u003cli\u003ePrivate keys are not exposed.\u0026nbsp; Vulnerability is limited to session key generation path.\u003c/li\u003e\u003c/ul\u003e"
}
],
"value": "* Decryption succeeds for affected ciphertext using an all-zero session key.\n * Attack requires only possession of the ciphertext.\n * Private keys are not exposed.\u00a0 Vulnerability is limited to session key generation path."
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Confidentiality issue for PKESK-encrypted data"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "YES",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"exploitMaturity": "PROOF_OF_CONCEPT",
"privilegesRequired": "NONE",
"providerUrgency": "RED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/AU:Y/RE:H/U:Red",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "HIGH"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-21T17:17:44.765Z",
"orgId": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3",
"shortName": "Ribose"
},
"references": [
{
"name": "Introducing commit",
"tags": [
"related"
],
"url": "https://github.com/rnpgp/rnp/commit/7bd9a8dc356aae756b40755be76d36205b6b161a"
},
{
"name": "Ubuntu package",
"tags": [
"x_downstream-package"
],
"url": "https://launchpad.net/ubuntu/+source/rnp"
},
{
"name": "Arch Linux AUR package",
"tags": [
"x_downstream-package"
],
"url": "https://aur.archlinux.org/packages/rnp"
},
{
"name": "Bugzilla report (may become public)",
"tags": [
"x_downstream_package"
],
"url": "https://packages.gentoo.org/packages/dev-util/librnp"
},
{
"tags": [
"issue-tracking"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2415863"
},
{
"tags": [
"third-party-advisory"
],
"url": "https://access.redhat.com/security/cve/cve-2025-13402"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://open.ribose.com/advisories/ra-2025-11-20/"
},
{
"tags": [
"release-notes"
],
"url": "https://github.com/rnpgp/rnp/releases/tag/v0.18.1"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cb\u003eFor standalone RNP users:\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003eUpgrade to RNP 0.18.1 when available.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eFor distributions that have packaged 0.18.0:\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003ePlease update to 0.18.1 when released, or consider providing 0.17.1 as an\u003cbr\u003einterim option.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eFor Thunderbird packages using system RNP:\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003eIf your Thunderbird package is built with system RNP support and RNP 0.18.0 is installed, update RNP to 0.18.1 or 0.17.1. Consider whether Thunderbird should continue using system RNP or switch to bundled RNP.\u003cbr\u003e\u003cbr\u003e\u003cb\u003eFor all other users:\u003c/b\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003eUsers who encrypted sensitive data using RNP 0.18.0 (standalone or via Thunderbird with system RNP 0.18.0) should re-encrypt that data with RNP 0.18.1 or 0.17.1 based on their security requirements.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "For standalone RNP users:\n\n\nUpgrade to RNP 0.18.1 when available.\n\nFor distributions that have packaged 0.18.0:\n\n\nPlease update to 0.18.1 when released, or consider providing 0.17.1 as an\ninterim option.\n\nFor Thunderbird packages using system RNP:\n\n\nIf your Thunderbird package is built with system RNP support and RNP 0.18.0 is installed, update RNP to 0.18.1 or 0.17.1. Consider whether Thunderbird should continue using system RNP or switch to bundled RNP.\n\nFor all other users:\n\n\nUsers who encrypted sensitive data using RNP 0.18.0 (standalone or via Thunderbird with system RNP 0.18.0) should re-encrypt that data with RNP 0.18.1 or 0.17.1 based on their security requirements."
}
],
"source": {
"discovery": "EXTERNAL"
},
"timeline": [
{
"lang": "en",
"time": "2025-06-19T00:00:00.000Z",
"value": "RNP 0.18.0 released (vulnerability introduced)."
},
{
"lang": "en",
"time": "2025-11-07T00:00:00.000Z",
"value": "Vulnerability discovered and reported by Johannes Roth (MTG AG)."
},
{
"lang": "en",
"time": "2025-11-19T00:00:00.000Z",
"value": "CVE-2025-13402 assigned by Red Hat."
},
{
"lang": "en",
"time": "2025-11-20T00:00:00.000Z",
"value": "CVE-2025-13470 assigned by Ribose/MITRE."
},
{
"lang": "en",
"time": "2025-11-20T00:00:00.000Z",
"value": "Fix developed and tested."
},
{
"lang": "en",
"time": "2025-11-21T00:00:00.000Z",
"value": "Planned release date for RNP 0.18.1."
},
{
"lang": "en",
"time": "2025-11-21T00:00:00.000Z",
"value": "Public disclosure (same day as release)."
}
],
"title": "RNP 0.18.0 Vulnerable PKESK session keys",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No workaround.\u0026nbsp; All PKESK-encrypted ciphertext produced with 0.18.0 is compromised.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "No workaround.\u00a0 All PKESK-encrypted ciphertext produced with 0.18.0 is compromised."
}
],
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "6504adb2-f5e9-4c9b-9eda-5e19c93bd9b3",
"assignerShortName": "Ribose",
"cveId": "CVE-2025-13470",
"datePublished": "2025-11-21T17:05:15.683Z",
"dateReserved": "2025-11-20T08:36:59.270Z",
"dateUpdated": "2025-11-21T17:35:33.645Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-59371 (GCVE-0-2025-59371)
Vulnerability from cvelistv5
Published
2025-11-25 07:30
Modified
2025-11-26 04:55
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-330 - Use of Insufficiently Random Values
Summary
An authentication bypass vulnerability has been identified in the IFTTT integration feature. A remote, authenticated attacker could leverage this vulnerability to potentially gain unauthorized access to the device. This vulnerability does not affect Wi-Fi 7 series models.
Refer to the 'Security Update for ASUS Router Firmware' section on the ASUS Security Advisory for more information.
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-59371",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-11-25T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-11-26T04:55:22.194Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Router",
"vendor": "ASUS",
"versions": [
{
"status": "affected",
"version": "3.0.0.4_386"
},
{
"status": "affected",
"version": "3.0.0.4_388"
},
{
"status": "affected",
"version": "3.0.0.6_102"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:asus:router:3.0.0.4_386:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asus:router:3.0.0.4_388:*:*:*:*:*:*:*",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:asus:router:3.0.0.6_102:*:*:*:*:*:*:*",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "OR"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "An authentication bypass vulnerability has been identified in the IFTTT integration feature. A remote, authenticated attacker could leverage this vulnerability to potentially gain unauthorized access to the device. This vulnerability does not affect Wi-Fi 7 series models.\u003cbr\u003eRefer to the \u0027Security Update for ASUS Router Firmware\u0027 section on the ASUS Security Advisory for more information.\u003cbr\u003e\u003cbr\u003e"
}
],
"value": "An authentication bypass vulnerability has been identified in the IFTTT integration feature. A remote, authenticated attacker could leverage this vulnerability to potentially gain unauthorized access to the device. This vulnerability does not affect Wi-Fi 7 series models.\nRefer to the \u0027Security Update for ASUS Router Firmware\u0027 section on the ASUS Security Advisory for more information."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"exploitMaturity": "NOT_DEFINED",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330: Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-11-25T07:30:34.849Z",
"orgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"shortName": "ASUS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://www.asus.com/security-advisory/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "54bf65a7-a193-42d2-b1ba-8e150d3c35e1",
"assignerShortName": "ASUS",
"cveId": "CVE-2025-59371",
"datePublished": "2025-11-25T07:30:34.849Z",
"dateReserved": "2025-09-15T01:36:47.358Z",
"dateUpdated": "2025-11-26T04:55:22.194Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-6515 (GCVE-0-2025-6515)
Vulnerability from cvelistv5
Published
2025-10-20 16:13
Modified
2025-10-20 16:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-330 - Use of Insufficiently Random Values
Summary
The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses from the oatpp-mcp server.
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6515",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-10-20T16:33:42.234883Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T16:33:47.787Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "oatpp-mcp",
"vendor": "oatpp",
"versions": [
{
"status": "affected",
"version": "0",
"versionType": "cpe"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThe MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses from the oatpp-mcp server. \u003c/p\u003e"
}
],
"value": "The MCP SSE endpoint in oatpp-mcp returns an instance pointer as the session ID, which is not unique nor cryptographically secure. This allows network attackers with access to the oatpp-mcp server to guess future session IDs and hijack legitimate client MCP sessions, returning malicious responses from the oatpp-mcp server."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "CWE-330 Use of Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-10-20T16:13:43.527Z",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"tags": [
"third-party-advisory"
],
"url": "https://research.jfrog.com/vulnerabilities/oatpp-mcp-prompt-hijacking-jfsa-2025-001494691/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Reuse of session IDs in oatpp-mcp leads to session hijacking and prompt hijacking by remote attackers"
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2025-6515",
"datePublished": "2025-10-20T16:13:43.527Z",
"dateReserved": "2025-06-23T10:56:07.978Z",
"dateUpdated": "2025-10-20T16:33:47.787Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6931 (GCVE-0-2025-6931)
Vulnerability from cvelistv5
Published
2025-06-30 22:32
Modified
2025-07-01 13:45
Severity ?
VLAI Severity ?
EPSS score ?
Summary
A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of the component Root Password Generation Handler. The manipulation leads to insufficient entropy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
References
| URL | Tags | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6931",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-01T13:45:36.961287Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-01T13:45:40.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "http://cdn2.v50to.cc/dlink/DCS-6517B1_FW_v2.02.01/report_3.pdf"
},
{
"tags": [
"exploit"
],
"url": "http://cdn2.v50to.cc/dlink/DCS-7517_B1_FW_v2.02.01/report_1.pdf"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"modules": [
"Root Password Generation Handler"
],
"product": "DCS-6517",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "2.02"
}
]
},
{
"modules": [
"Root Password Generation Handler"
],
"product": "DCS-7517",
"vendor": "D-Link",
"versions": [
{
"status": "affected",
"version": "2.02"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "CookedMelon (VulDB User)"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as problematic was found in D-Link DCS-6517 and DCS-7517 up to 2.02.0. Affected by this vulnerability is the function generate_pass_from_mac of the file /bin/httpd of the component Root Password Generation Handler. The manipulation leads to insufficient entropy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer."
},
{
"lang": "de",
"value": "In D-Link DCS-6517 and DCS-7517 bis 2.02.0 wurde eine problematische Schwachstelle entdeckt. Dabei geht es um die Funktion generate_pass_from_mac der Datei /bin/httpd der Komponente Root Password Generation Handler. Durch Manipulieren mit unbekannten Daten kann eine insufficient entropy-Schwachstelle ausgenutzt werden. Die Umsetzung des Angriffs kann dabei \u00fcber das Netzwerk erfolgen. Die Komplexit\u00e4t eines Angriffs ist eher hoch. Sie gilt als schwierig ausnutzbar. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
}
],
"metrics": [
{
"cvssV4_0": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P",
"version": "4.0"
}
},
{
"cvssV3_1": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.1"
}
},
{
"cvssV3_0": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R",
"version": "3.0"
}
},
{
"cvssV2_0": {
"baseScore": 2.6,
"vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N/E:POC/RL:ND/RC:UR",
"version": "2.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-331",
"description": "Insufficient Entropy",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-330",
"description": "Insufficiently Random Values",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-30T22:32:09.468Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"name": "VDB-314443 | D-Link DCS-6517/DCS-7517 Root Password Generation httpd generate_pass_from_mac entropy",
"tags": [
"vdb-entry",
"technical-description"
],
"url": "https://vuldb.com/?id.314443"
},
{
"name": "VDB-314443 | CTI Indicators (IOB, IOC, TTP, IOA)",
"tags": [
"signature",
"permissions-required"
],
"url": "https://vuldb.com/?ctiid.314443"
},
{
"name": "Submit #605592 | dlink DCS-6517B1 below or equal v2.02.01 hardcode weak password",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.605592"
},
{
"name": "Submit #605593 | dlink DCS-7517B1 below or equal v2.02.01 predictable weak password (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.605593"
},
{
"name": "Submit #605596 | dlink DCS-7517B1 below or equal v2.02.01 hardcode weak password (Duplicate)",
"tags": [
"third-party-advisory"
],
"url": "https://vuldb.com/?submit.605596"
},
{
"tags": [
"related"
],
"url": "http://cdn2.v50to.cc/dlink/DCS-6517B1_FW_v2.02.01/report_3.pdf"
},
{
"tags": [
"exploit"
],
"url": "http://cdn2.v50to.cc/dlink/DCS-7517_B1_FW_v2.02.01/report_1.pdf"
},
{
"tags": [
"product"
],
"url": "https://www.dlink.com/"
}
],
"tags": [
"unsupported-when-assigned"
],
"timeline": [
{
"lang": "en",
"time": "2025-06-30T00:00:00.000Z",
"value": "Advisory disclosed"
},
{
"lang": "en",
"time": "2025-06-30T02:00:00.000Z",
"value": "VulDB entry created"
},
{
"lang": "en",
"time": "2025-06-30T17:57:46.000Z",
"value": "VulDB entry last update"
}
],
"title": "D-Link DCS-6517/DCS-7517 Root Password Generation httpd generate_pass_from_mac entropy"
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2025-6931",
"datePublished": "2025-06-30T22:32:09.468Z",
"dateReserved": "2025-06-30T15:52:42.960Z",
"dateUpdated": "2025-07-01T13:45:40.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Mitigation
Phase: Architecture and Design
Description:
- Use a well-vetted algorithm that is currently considered to be strong by experts in the field, and select well-tested implementations with adequate length seeds.
- In general, if a pseudo-random number generator is not advertised as being cryptographically secure, then it is probably a statistical PRNG and should not be used in security-sensitive contexts.
- Pseudo-random number generators can produce predictable numbers if the generator is known and the seed can be guessed. A 256-bit seed is a good starting point for producing a "random enough" number.
Mitigation
Phase: Implementation
Description:
- Consider a PRNG that re-seeds itself as needed from high quality pseudo-random output sources, such as hardware devices.
Mitigation
Phase: Testing
Description:
- Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible.
Mitigation ID: MIT-2
Phases: Architecture and Design, Requirements
Strategy: Libraries or Frameworks
Description:
- Use products or modules that conform to FIPS 140-2 [REF-267] to avoid obvious entropy problems. Consult FIPS 140-2 Annex C ("Approved Random Number Generators").
Mitigation
Phase: Testing
Description:
- Use tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules.
CAPEC-112: Brute Force
In this attack, some asset (information, functionality, identity, etc.) is protected by a finite secret value. The attacker attempts to gain access to this asset by using trial-and-error to exhaustively explore all the possible secret values in the hope of finding the secret (or a value that is functionally equivalent) that will unlock the asset.
CAPEC-485: Signature Spoofing by Key Recreation
An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
CAPEC-59: Session Credential Falsification through Prediction
This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.