CVE-2025-22376

MEDIUM Year: 2025
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-338
View all →

Vulnerability Description

In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong.

Related Vulnerabilities

CVE-2012-6124

MEDIUM
CVSS:5.3(Medium)

A casting error in Chicken before 4.8.0 on 64-bit platform caused the random number generator to return a constant value. NOTE: the vendor states "This function wasn't used for security purposes (and ...

CWE-3382012

CVE-2019-7855

MEDIUM
CVSS:5.3(Medium)

A cryptograhic flaw in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2 could be abused by an unauthenticated user to discover an invariant used in gift card generat...

CWE-3382019

CVE-2019-8113

MEDIUM
CVSS:5.3(Medium)

Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1 uses cryptographically weak random number generator to brute-force the confirmation code for customer registration.

CWE-3382019

CVE-2021-23126

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in Joomla! 3.2.0 through 3.9.24. Usage of the insecure rand() function within the process of generating the 2FA secret.

CWE-3382021

CVE-2021-29245

MEDIUM
CVSS:5.3(Medium)

BTCPay Server through 1.0.7.0 uses a weak method Next to produce pseudo-random values to generate a legacy API key.

CWE-3382021

CVE-2023-50059

MEDIUM
CVSS:5.3(Medium)

An issue ingalxe.com Galxe platform 1.0 allows a remote attacker to obtain sensitive information via the Web3 authentication process of Galxe, the signed message lacks a nonce (random number)

CWE-3382023