CVE-2025-2814 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
CPANSec	CNA	---				---
CISA-ADP	ADP	4 MEDIUM	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Debian Releases

Debian Product

Codename

libcrypt-cbc-perl

bullseye	unimportant
bookworm	unimportant
trixie	unimportant
forky	3.07-1 fixed
sid	3.07-1 fixed

Common Weakness Enumeration

CWE-329 - Generation of Predictable IV with CBC Mode
The product generates and uses a predictable initialization Vector (IV) with Cipher Block Chaining (CBC) Mode, which causes algorithms to be susceptible to dictionary attacks when they are encrypted under the same key.
CWE-338 - Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)
The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.

References

https://github.com/lstein/Lib-Crypt-CBC/commit/37111f7cd894bcec46156ba7f40a49c126ebf535.patch

https://metacpan.org/dist/Crypt-CBC/source/lib/Crypt/CBC.pm#L777

https://perldoc.perl.org/functions/rand

https://security.metacpan.org/docs/guides/random-data-for-security.html