Critical severity9.1NVD Advisory· Published Mar 31, 2026· Updated Apr 13, 2026

CVE-2025-15618

Description

Business::OnlinePayment::StoredTransaction versions through 0.01 for Perl uses an insecure secret key.

Business::OnlinePayment::StoredTransaction generates a secret key by using a MD5 hash of a single call to the built-in rand function, which is unsuitable for cryptographic use.

This key is intended for encrypting credit card transaction data.

Affected products

Mock/Business\
cpe:2.3:a:mock:business\:\:onlinepayment\:\:storedtransaction:0.01:*:*:*:*:perl:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

security.metacpan.org/patches/B/Business-OnlinePayment-StoredTransaction/0.01/CVE-2025-15618-r1.patchnvdPatch
www.openwall.com/lists/oss-security/2026/03/31/7nvdMailing ListThird Party Advisory
metacpan.org/dist/Business-OnlinePayment-StoredTransaction/source/lib/Business/OnlinePayment/StoredTransaction.pmnvdProduct

News mentions

No linked articles in our index yet.

cvss	0.591
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000