Severity: Unrated · NVD Advisory · Published Dec 9, 2025 · Updated Dec 9, 2025
WBCE CMS has Weak Random Number Generator in Password Generation Function
CVE-2025-67504
Description
WBCE CMS is a content management system. Versions 1.6.4 and below use function GenerateRandomPassword() to create passwords using PHP's rand(). rand() is not cryptographically secure, which allows password sequences to be predicted or brute-forced. This can lead to user account compromise or privilege escalation if these passwords are used for new accounts or password resets. The vulnerability is fixed in version 1.6.5.
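The weak pattern described above, shown beside a CSPRNG-based replacement. This is an added example, not WBCE CMS's code or its 1.6.5 patch; the function names `weak_password` and `strong_password`, the alphabet, and the seed value are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed alphabet for illustration; not taken from WBCE CMS.
const ALPHABET = 'abcdefghijkmnpqrstuvwxyzABCDEFGHJKLMNPQRSTUVWXYZ23456789';

// Weak pattern: rand() is a seeded, non-cryptographic generator, so every
// character is a function of the generator's internal state.
function weak_password(int $length = 12): string
{
    $max = strlen(ALPHABET) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= substr(ALPHABET, rand(0, $max), 1);
    }
    return $out;
}

// Hardened pattern: random_int() draws from the operating system's CSPRNG,
// returns an unbiased value in [0, $max], and throws if no secure source exists.
function strong_password(int $length = 16): string
{
    if ($length < 1) {
        throw new InvalidArgumentException('length must be positive');
    }
    $max = strlen(ALPHABET) - 1;
    $out = '';
    for ($i = 0; $i < $length; $i++) {
        $out .= substr(ALPHABET, random_int(0, $max), 1);
    }
    return $out;
}

// Reseeding rand() with the same value replays the same "password":
// the output carries no secret beyond the generator state.
srand(20251209); // constructed seed
$first = weak_password();
srand(20251209);
$second = weak_password();
printf("rand() replay identical: %s\n", var_export($first === $second, true));

// random_int() exposes no seed to the caller, so there is nothing to replay.
printf("random_int() sample: %s\n", strong_password());
```

When auditing a code base for the same weakness (CWE-338), look for `rand()`, `mt_rand()`, `uniqid()` or `str_shuffle()` feeding passwords, reset tokens or session identifiers.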
References
- cwe.mitre.org/data/definitions/338.html (mitre, x_refsource_MISC)
- github.com/WBCE/WBCE_CMS/commit/5d59fe021a5c6e469b1bf192b72ca652e54278f6 (mitre, x_refsource_MISC)
- github.com/WBCE/WBCE_CMS/releases/tag/1.6.5 (mitre, x_refsource_MISC)
- github.com/WBCE/WBCE_CMS/security/advisories/GHSA-76gj-pmvx-jcc6 (mitre, x_refsource_CONFIRM)