CVE-2025-1860 Common Vulnerabilities and Exposures

Upstream information

CVE-2025-1860 at MITRE

Description

Data::Entropy for Perl 0.007 and earlier use the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions.

SUSE information

Overall state of this security issue: Resolved

This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.

SUSE Bugzilla entry: 1240395 [IN_PROGRESS]

SUSE Security Advisories:

openSUSE-SU-2025:14960-1, published Thu Apr 3 18:50:39 2025

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`perl-Data-Entropy >= 0.8.0-1.1`	Patchnames: openSUSE-Tumbleweed-2025-14960

SUSE Timeline for this CVE

CVE page created: Fri Mar 28 04:00:11 2025
CVE page last modified: Tue Apr 8 17:13:03 2025