Vulnerability in Tokuhirom Amon2
CVE-2025-15604
Amon2 versions before 6.17 for Perl use an insecure random_string implementation for security functions. In versions 6.06 through 6.16, the random_string function will attempt to read bytes from the /dev/urandom device, but if that is una…
EPSS: 0.000 (6.9th percentile)
Affected products
- Tokuhirom Amon2 — versions 0
Weakness classification (CWE)
References
- metacpan.org/release/TOKUHIROM/Amon2-6.17/diff/TOKUHIROM/Amon2-6.16
- metacpan.org/release/TOKUHIROM/Amon2-6.17/changes (release-notes)
- github.com/tokuhirom/Amon/pull/135 (issue-tracking)
- security.metacpan.org/docs/guides/random-data-for-security.html (technical-description)