Unrated severity · NVD Advisory · Published Dec 9, 2025 · Updated Dec 9, 2025
WBCE CMS has Weak Random Number Generator in Password Generation Function
CVE-2025-67504
Description
WBCE CMS is a content management system. Versions 1.6.4 and below use the function GenerateRandomPassword() to create passwords with PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege escalation if these passwords are used for new accounts or password resets. The vulnerability is fixed in version 1.6.5.
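The weakness class described above (CWE-338) beside a hardened form, as an added example that is not WBCE CMS code and does not reproduce the project's fix. The function names, alphabet and minimum length are assumptions chosen for illustration; `rand()`, `srand()` and `random_int()` are standard PHP functions.

```php
<?php
declare(strict_types=1);

// Hypothetical alphabet; look-alike characters (0/O, 1/l/I) are left out.
const PW_ALPHABET = 'abcdefghijkmnopqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

/**
 * Weak pattern: rand() is a seedable, non-cryptographic PRNG, so every
 * character of the password is a function of the generator's internal state.
 */
function weak_password(int $length = 12): string
{
    $max = strlen(PW_ALPHABET) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= PW_ALPHABET[rand(0, $max)];
    }
    return $out;
}

/**
 * Hardened pattern: random_int() draws from the operating system CSPRNG,
 * returns uniformly distributed integers in the range, and throws if no
 * secure source is available instead of falling back to a weak one.
 */
function strong_password(int $length = 16): string
{
    if ($length < 12) { // assumed minimum length, not a value from the advisory
        throw new InvalidArgumentException('password length below minimum');
    }
    $max = strlen(PW_ALPHABET) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= PW_ALPHABET[random_int(0, $max)];
    }
    return $out;
}

// Same seed, same "random" password: the output of rand() is determined
// entirely by generator state. random_int() has no seed to set.
srand(1234); // constructed seed value
$first = weak_password();
srand(1234);
$second = weak_password();
var_dump($first === $second);                       // two rand() runs, same seed
var_dump(strong_password() === strong_password());  // two CSPRNG runs
```

When auditing a PHP code base for this class of issue, search for `rand(`, `mt_rand(`, `uniqid(` and `str_shuffle(` in any path that produces passwords, reset tokens or session identifiers.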
Affected products (1)
Patches (0)
No patches discovered yet.
References (4)
- cwe.mitre.org/data/definitions/338.html (mitre, x_refsource_MISC)
- github.com/WBCE/WBCE_CMS/commit/5d59fe021a5c6e469b1bf192b72ca652e54278f6 (mitre, x_refsource_MISC)
- github.com/WBCE/WBCE_CMS/releases/tag/1.6.5 (mitre, x_refsource_MISC)
- github.com/WBCE/WBCE_CMS/security/advisories/GHSA-76gj-pmvx-jcc6 (mitre, x_refsource_CONFIRM)