Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is intended for encrypting credit card transaction data.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00024.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

No data.

No data.

No data.

No data.

References
Link Providers
https://metacpan.org/dist/Business-OnlinePayment-StoredTransaction/source/lib/Business/OnlinePayment/StoredTransaction.pm#L64-75 cve-icon cve-icon
https://security.metacpan.org/patches/B/Business-OnlinePayment-StoredTransaction/0.01/CVE-2025-15618-r1.patch cve-icon cve-icon
History

Tue, 31 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
Description Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is intended for encrypting credit card transaction data.
Title Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key
Weaknesses CWE-338
CWE-693
References
cve-icon MITRE

Status: PUBLISHED

Assigner: CPANSec

Published:

Updated: 2026-03-31T10:04:34.763Z

Reserved: 2026-03-29T14:46:35.859Z

Link: CVE-2025-15618

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-31T11:16:11.950

Modified: 2026-03-31T11:16:11.950

Link: CVE-2025-15618

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.