CVE-2025-15618

CVE-2025-15618: Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key

Vendor Mock
Product Business::OnlinePayment::StoredTransaction
Weakness CWE-338
Published March 31, 2026
Last update March 31, 2026

CVSS base score

What the vulnerability does

01Description

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key. Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use. This key is intended for encrypting credit card transaction data.

Key dates

02Disclosure timeline

March 31, 2026 CVE published
March 31, 2026 Record updated