Skip to main content

Windows CVE-2025-1828

HIGH
Insufficient Entropy (CWE-331)
2025-03-11 9b29abf9-4ab0-4765-b253-1875cd9b441e
8.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.8 HIGH
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
SUSE
HIGH
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
Analysis Generated
Mar 12, 2026 - 19:52 vuln.today
Patch released
Sep 29, 2025 - 22:40 nvd
Patch available
CVE Published
Mar 11, 2025 - 00:15 nvd
HIGH 8.8

DescriptionCVE.org

Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions.

If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will default to use the insecure Crypt::Random::rand provider.

In particular, Windows versions of perl will encounter this issue by default.

AnalysisAI

Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions. [CVSS 8.8 HIGH]

Technical ContextAI

Affects Random Perl package 1.05. Crypt::Random Perl package 1.05 through 1.55 may use rand() function, which is not cryptographically strong, for cryptographic functions.

If the Provider is not specified and /dev/urandom or an Entropy Gathering Daemon (egd) service is not available Crypt::Random will default to use the insecure Crypt::Random::rand provider.

In particular, Windows versions of perl will encounter this issue by default.

Affected ProductsAI

Product: Random Perl package 1.05. Versions: up to 1.55.

RemediationAI

A vendor patch is available — apply it immediately. Restrict network access to the affected service where possible.

CVE-2021-40444 HIGH POC
8.8 Sep 15

Windows MSHTML component contains a remote code execution vulnerability that allows attackers to craft malicious ActiveX

CVE-2021-1732 HIGH POC
7.8 Feb 25

Windows Win32k contains an out-of-bounds write vulnerability enabling local privilege escalation to SYSTEM, exploited by

CVE-2018-8174 HIGH POC
7.5 May 09

The Windows VBScript engine contains a remote code execution vulnerability in object handling that allows full system co

CVE-2019-0803 HIGH POC
7.8 Apr 09

Windows Win32k fails to properly handle objects in memory, allowing local privilege escalation exploited in the wild in

CVE-2020-1472 MEDIUM POC
5.5 Aug 17

A privilege escalation vulnerability (CVSS 5.5). Risk factors: actively exploited (KEV-listed), EPSS 94% exploitation pr

CVE-2024-30088 HIGH
7.0 Jun 11

Windows Kernel contains a TOCTOU race condition vulnerability allowing local privilege escalation, exploited by the OilR

CVE-2025-33053 HIGH POC
8.8 Jun 10

Windows Internet Shortcut Files (.url) contain an external control vulnerability (CVE-2025-33053, CVSS 8.8) that enables

CVE-2025-33073 HIGH POC
8.8 Jun 10

Windows SMB contains an improper access control vulnerability (CVE-2025-33073, CVSS 8.8) enabling authenticated attacker

CVE-2025-13315 CRITICAL POC
9.3 Nov 19

Twonky Server 8.5.2 on Linux and Windows allows unauthenticated access to the admin log file through a web service API b

CVE-2025-34101 CRITICAL POC
9.3 Jul 10

Serviio Media Server versions 1.4 through 1.8 on Windows contain an unauthenticated command injection in the /rest/actio

CVE-2025-13316 HIGH POC
8.2 Nov 19

Twonky Server 8.5.2 uses hard-coded cryptographic keys for encrypting the administrator password. Combined with the cred

CVE-2025-34095 CRITICAL POC
9.3 Jul 10

Mako Server versions 2.5 and 2.6 contain an unauthenticated OS command injection via the tutorial interface at examples/

Vendor StatusVendor

SUSE

Severity: High

Share

CVE-2025-1828 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy