CVE-2025-2814 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-2814 Interim 1 3 2025-09-22T08:10:09Z current 2025-04-15T23:17:09Z 2025-09-22T08:10:09Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-2814 Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to use the insecure rand() function. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Tumbleweed perl-Crypt-CBC-3.70.0-1.1 perl-Crypt-CBC-3.70.0-1.1 as a component of openSUSE Tumbleweed Crypt::CBC versions between 1.21 and 3.05 for Perl may use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. This issue affects operating systems where "/dev/urandom'" is unavailable. In that case, Crypt::CBC will fallback to use the insecure rand() function. CVE-2025-2814 openSUSE Tumbleweed:perl-Crypt-CBC-3.70.0-1.1 moderate