CVE-2025-15618 - Vulnerability Analysis
CriticalCVSS: 9.1Last Updated: March 31, 2026
Business::OnlinePayment::StoredTransaction - Weak Cryptography
Overview
Business::OnlinePayment::StoredTransaction <= 0.01 contains weak cryptography caused by using MD5 hash of a single rand call for secret key generation, letting attackers potentially decrypt credit card transaction data, exploit requires access to encrypted data.
Severity & Score
Impact
Attackers can potentially decrypt sensitive credit card transaction data due to weak key generation.
Mitigation
Update to the latest version with secure cryptographic key generation.
References
Social Media Activity(2 posts)
š“ CVE-2025-15618 - Critical (9.1) Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is ... š https://www.thehackerwire.com/vulnerability/CVE-2025-15618/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original post
š“ CVE-2025-15618 - Critical (9.1) Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is ... š https://www.thehackerwire.com/vulnerability/CVE-2025-15618/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2025-15618
- Severity
- Critical
- CVSS Score
- 9.1
- Type
- weak_cryptography
- Status
- new
- EPSS
- 2.4%
- Social Posts
- 2
CWE
- CWE-338
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N