CVE-2025-15618 Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key

🗓️ 31 Mar 2026 10:04:34Reported by CPANSecType

CVE-2025-15618: StoredTransaction uses an insecure MD5-based key from rand for credit card data.

Reporter	Title	Published	Views	Family All 9
ATTACKERKB	CVE-2025-15618	31 Mar 202610:04	–	attackerkb
Circl	CVE-2025-15618	31 Mar 202616:32	–	circl
CNNVD	MOCK Business::OnlinePayment::StoredTransaction 安全漏洞	31 Mar 202600:00	–	cnnvd
CVE	CVE-2025-15618	31 Mar 202610:04	–	cve
EUVD	EUVD-2025-209143	31 Mar 202612:31	–	euvd
NVD	CVE-2025-15618	31 Mar 202611:16	–	nvd
Positive Technologies	PT-2026-29217	31 Mar 202600:00	–	ptsecurity
RedhatCVE	CVE-2025-15618	1 Apr 202610:58	–	redhatcve
Vulnrichment	CVE-2025-15618 Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key	31 Mar 202610:04	–	vulnrichment

[
  {
    "collectionURL": "https://cpan.org/modules",
    "defaultStatus": "unaffected",
    "packageName": "Business-OnlinePayment-StoredTransaction",
    "product": "Business::OnlinePayment::StoredTransaction",
    "programRoutines": [
      {
        "name": "Business::OnlinePayment::StoredTransaction::submit"
      }
    ],
    "vendor": "MOCK",
    "versions": [
      {
        "lessThanOrEqual": "0.01",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
security	www.security.metacpan.org/patches/B/Business-OnlinePayment-StoredTransaction/0.01/CVE-2025-15618-r1.patch
metacpan	www.metacpan.org/dist/Business-OnlinePayment-StoredTransaction/source/lib/Business/OnlinePayment/StoredTransaction.pm

31 Mar 2026 10:04Current

EPSS0.00328