CVE Vulnerabilities

CVE-2026-25235

Predictable Seed in Pseudo-Random Number Generator (PRNG)

Published: Feb 03, 2026 | Modified: Feb 05, 2026
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
root.io logo minimus.io logo echo.ai logo

PEAR is a framework and distribution system for reusable PHP components. Prior to version 1.33.0, predictable verification hashes may allow attackers to guess verification tokens and potentially verify election account requests without authorization. This issue has been patched in version 1.33.0.

Weakness

A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.

Affected Software

NameVendorStart VersionEnd Version
PearwebPear*1.33.0 (excluding)

Potential Mitigations

References