CVE-2025-1860 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.7 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CPANSec	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	7.7 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 7%

Debian Releases

Debian Product

Codename

libdata-entropy-perl

bullseye	vulnerable
bullseye (security)	0.007-3.1+deb11u1 fixed
bookworm	0.007-4+deb12u1 fixed
forky	0.008-1 fixed
sid	0.008-1 fixed
trixie	0.008-1 fixed

Common Weakness Enumeration

CWE-331 - Insufficient Entropy
The software uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

References

https://metacpan.org/release/ZEFRAM/Data-Entropy-0.007/source/lib/Data/Entropy.pm#L80

https://perldoc.perl.org/functions/rand

https://lists.debian.org/debian-lts-announce/2025/03/msg00026.html