CVE-2025-21617 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
GitHub_M	CNA	---				---
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 29%

Common Weakness Enumeration

CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

References

https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.php#L192

https://github.com/guzzle/oauth-subscriber/commit/92b619b03bd21396e51c62e6bce83467d2ce8f53

https://github.com/guzzle/oauth-subscriber/releases/tag/0.8.1

https://github.com/guzzle/oauth-subscriber/security/advisories/GHSA-237r-r8m4-4q88