GO-2026-4471 Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() on crypto/rand failure in github.com/gofiber/fiber

Fiber has an insecure fallback in utils.UUIDv4 / utils.UUID — predictable / zero‑UUID on crypto/rand failure in github.com/gofiber/fiber...

CVE-2025-66630

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by the Fiber v2 UUID functions, application code may...

Fiber has an insecure fallback in utils.UUIDv4() / utils.UUID() — predictable / zero‑UUID on crypto/rand failure

Fiber v2 contains an internal vendored copy of gofiber/utils, and its functions UUIDv4 and UUID inherit the same critical weakness described in the upstream advisory. On Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtaine...

EUVD-2025-201791

Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator crypto/rand fails, both functions silently fall back to returning predictable UUID values, including the zero UUID...

Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values

Summary Critical security vulnerabilities exist in both the UUIDv4 and UUID functions of the github.com/gofiber/utils package. When the system's cryptographic random number generator crypto/rand fails, both functions silently fall back to returning predictable UUID values, the zero UUID...

PT-2024-40424 · Stormpath · Stormpath-Sdk-Php

Name of the Vulnerable Software and Affected Versions: stormpath-sdk-php affected versions not specified Description: The issue is related to the use of an insecure random number generator RNG in the generation of UUID version 4 within the codebase. Recommendations: At the moment, there is no...

Insecure Random Number Generator

Insecure RNG: https://github.com/stormpath/stormpath-sdk-php/blob/15aee3007b8aa41c20cdf28fd650b8a2368a7fa9/src/Util/UUID.phpL167-L181 Insecure RNG fallback: https://github.com/stormpath/stormpath-sdk-php/blob/62698ea98ef89217f932e28cf3e511d39af3b4cf/src/Authc/Api/ApiKeyEncryptionOptions.phpL48-L5...

Insecure Random Number Generator

Insecure RNG: stormpath-sdk-php/src/Util/UUID.php Lines 167 to 181 in 15aee30 / Generate an UUID version 4 pseudo random / static private function generateRandom$ns, $node $uuid = self::$muuidfield; $uuid'timehi' = 4 12 | mtrand0, 0x1000; $uuid'clockseqhi' = 1 7 | mtrand0, 128; $uuid'timelow' =...