CWE-335
AllowedIncorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
Abstraction: Base · Status: Draft
The product uses a Pseudo-Random Number Generator (PRNG) but does not correctly manage seeds.
53 vulnerabilities reference this CWE, most recent first.
GHSA-9567-RH6Q-RF53
Vulnerability from github – Published: 2025-11-18 06:30 – Updated: 2025-11-18 06:30Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE- 335) vulnerability in the High Sec ELM may allow a sophisticated attacker with physical access, to compromise internal device communications.
This issue affects Command Centre Server:
9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)), all versions of 9.00 and prior.
{
"affected": [],
"aliases": [
"CVE-2025-52578"
],
"database_specific": {
"cwe_ids": [
"CWE-335"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-11-18T04:15:44Z",
"severity": "MODERATE"
},
"details": "Incorrect Usage of Seeds in Pseudo-Random Number Generator (CWE- 335) vulnerability in the High Sec ELM\u00a0may\u00a0allow a sophisticated attacker with physical access, to compromise internal device communications.\n\nThis issue affects Command Centre Server: \n\n9.30 prior to vCR9.30.251028a (distributed in 9.30.2881 (MR3)), 9.20 prior to vCR9.20.251028a (distributed in 9.20.3265 (MR5)), 9.10 prior to vCR9.10.251028a (distributed in 9.10.4135 (MR8)),\u00a0all versions of 9.00 and prior.",
"id": "GHSA-9567-rh6q-rf53",
"modified": "2025-11-18T06:30:25Z",
"published": "2025-11-18T06:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-52578"
},
{
"type": "WEB",
"url": "https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2025-52578"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-993V-35FF-PPXJ
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2022-05-13 01:46The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This makes it easier to read arbitrary uploaded files.
{
"affected": [],
"aliases": [
"CVE-2017-5214"
],
"database_specific": {
"cwe_ids": [
"CWE-335"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-05-17T14:29:00Z",
"severity": "HIGH"
},
"details": "The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This makes it easier to read arbitrary uploaded files.",
"id": "GHSA-993v-35ff-ppxj",
"modified": "2022-05-13T01:46:08Z",
"published": "2022-05-13T01:46:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5214"
},
{
"type": "WEB",
"url": "https://navixia.com/storage/app/media/uploaded-files/CVE/cve-2017-521415.txt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9VV4-3CF7-MQQR
Vulnerability from github – Published: 2023-01-20 09:30 – Updated: 2023-01-30 21:30Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X* or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179 and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179* and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU all versions, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU all versions allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.
{
"affected": [],
"aliases": [
"CVE-2022-40267"
],
"database_specific": {
"cwe_ids": [
"CWE-335",
"CWE-337"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-20T08:15:00Z",
"severity": "CRITICAL"
},
"details": "Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x=32,64,80, y=T,R, z=ES,DS,ESS,DSS) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-xMy/z (x=32,64,96, y=T, z=D,DSS)) with serial number 179**** and prior, and versions 1.074 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MT/DSS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-F Series FX5UC-32MR/DS-TS versions 1.280 and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU all versions, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU all versions allows a remote unauthenticated attacker to access the Web server function by guessing the random numbers used for authentication from several used random numbers.",
"id": "GHSA-9vv4-3cf7-mqqr",
"modified": "2023-01-30T21:30:44Z",
"published": "2023-01-20T09:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-40267"
},
{
"type": "WEB",
"url": "https://jvn.jp/vu/JVNVU99673580/index.html"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/uscert/ics/advisories/icsa-23-017-02"
},
{
"type": "WEB",
"url": "https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2022-019_en.pdf"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9VX8-499F-5QV7
Vulnerability from github – Published: 2022-05-24 17:43 – Updated: 2022-05-24 17:43A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice.
{
"affected": [],
"aliases": [
"CVE-2020-28597"
],
"database_specific": {
"cwe_ids": [
"CWE-335"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-03T18:15:00Z",
"severity": "HIGH"
},
"details": "A predictable seed vulnerability exists in the password reset functionality of Epignosis EfrontPro 5.2.21. By predicting the seed it is possible to generate the correct password reset 1-time token. An attacker can visit the password reset supplying the password reset token to reset the password of an account of their choice.",
"id": "GHSA-9vx8-499f-5qv7",
"modified": "2022-05-24T17:43:31Z",
"published": "2022-05-24T17:43:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28597"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1221"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-9XPM-8WRG-VFHF
Vulnerability from github – Published: 2022-01-20 00:00 – Updated: 2022-01-26 00:02A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed.
{
"affected": [],
"aliases": [
"CVE-2021-42810"
],
"database_specific": {
"cwe_ids": [
"CWE-335"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-01-19T18:15:00Z",
"severity": "HIGH"
},
"details": "A flaw in the previous versions of the product may allow an authenticated attacker the ability to execute code as a privileged user on a system where the agent is installed.",
"id": "GHSA-9xpm-8wrg-vfhf",
"modified": "2022-01-26T00:02:31Z",
"published": "2022-01-20T00:00:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-42810"
},
{
"type": "WEB",
"url": "https://cpl.thalesgroup.com/support/security-updates"
},
{
"type": "WEB",
"url": "https://github.com/mandiant/Vulnerability-Disclosures/blob/master/2022/MNDT-2022-0002/MNDT-2022-0002.md"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-CMR8-5W4C-44V8
Vulnerability from github – Published: 2022-09-20 20:45 – Updated: 2022-09-21 19:22Impact
Math.random and crypto.getRandomValues methods failed to use sufficiently random values. The initial value to seed the CSPRNG (cryptographically secure pseudorandom number generator) was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for that specific WebAssembly module. An attacker with access to that same WebAssembly module that calls the affected methods could use the fixed seed to predict random numbers generated by these functions. This information could be used to bypass cryptographic security controls, for example to disclose sensitive data encrypted by functions that use these generators.
Patches
The problem has been fixed in version 0.5.3.
Corrected Math.random and crypto.getRandomValues methods to always use sufficiently random values. The previous versions would use a CSPRNG (cryptographically secure pseudorandom number generator) which we would seed with a random value. However, due to our use of Wizer, the initial value to seed the CSPRNG was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for that specific WebAssembly module. The new implementations of both Math.random and crypto.getRandomValues do not use a CSPRNG and instead pull random values from WASI (WebAssembly System Interface) libc’s random_get function, which is always a sufficiently random value.
Workarounds
There are no workarounds, you must upgrade to version 0.5.3 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "@fastly/js-compute"
},
"ranges": [
{
"events": [
{
"introduced": "0.4.0"
},
{
"fixed": "0.5.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-39218"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-335"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-20T20:45:10Z",
"nvd_published_at": "2022-09-20T20:15:00Z",
"severity": "HIGH"
},
"details": "### Impact\n\n`Math.random` and `crypto.getRandomValues` methods failed to use sufficiently random values. The initial value to seed the CSPRNG (cryptographically secure pseudorandom number generator) was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for that specific WebAssembly module. An attacker with access to that same WebAssembly module that calls the affected methods could use the fixed seed to predict random numbers generated by these functions. This information could be used to bypass cryptographic security controls, for example to disclose sensitive data encrypted by functions that use these generators.\n\n### Patches\n\nThe problem has been fixed in version 0.5.3.\n\nCorrected `Math.random` and `crypto.getRandomValues` methods to always use sufficiently random values. The previous versions would use a CSPRNG (cryptographically secure pseudorandom number generator) which we would seed with a random value. However, due to our use of Wizer, the initial value to seed the CSPRNG was baked-in to the final WebAssembly module meaning the sequence of numbers generated was predictable for that specific WebAssembly module. The new implementations of both Math.random and `crypto.getRandomValues` do not use a CSPRNG and instead pull random values from WASI (WebAssembly System Interface) libc\u2019s random_get function, which is always a sufficiently random value.\n\n### Workarounds\n\nThere are no workarounds, you must upgrade to version 0.5.3 or later.",
"id": "GHSA-cmr8-5w4c-44v8",
"modified": "2022-09-21T19:22:40Z",
"published": "2022-09-20T20:45:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/fastly/js-compute-runtime/security/advisories/GHSA-cmr8-5w4c-44v8"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39218"
},
{
"type": "WEB",
"url": "https://github.com/fastly/js-compute-runtime/commit/65524ffc962644e9fc39f4b368a326b6253912a9"
},
{
"type": "PACKAGE",
"url": "https://github.com/fastly/js-compute-runtime"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Fastly Compute@Edge JS Runtime has fixed random number seed during compilation"
}
GHSA-FRJM-WVVG-4GW5
Vulnerability from github – Published: 2022-05-13 01:42 – Updated: 2022-05-13 01:42passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.
{
"affected": [],
"aliases": [
"CVE-2017-11519"
],
"database_specific": {
"cwe_ids": [
"CWE-335"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-21T21:29:00Z",
"severity": "CRITICAL"
},
"details": "passwd_recovery.lua on the TP-Link Archer C9(UN)_V2_160517 allows an attacker to reset the admin password by leveraging a predictable random number generator seed. This is fixed in C9(UN)_V2_170511.",
"id": "GHSA-frjm-wvvg-4gw5",
"modified": "2022-05-13T01:42:23Z",
"published": "2022-05-13T01:42:23Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-11519"
},
{
"type": "WEB",
"url": "https://devcraft.io/posts/2017/07/21/tp-link-archer-c9-admin-password-reset.html"
},
{
"type": "WEB",
"url": "http://www.tp-link.com/en/download/Archer-C9_V2.html#Firmware"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GCVF-QQCQ-825H
Vulnerability from github – Published: 2024-04-09 00:30 – Updated: 2025-03-26 18:30An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.
{
"affected": [],
"aliases": [
"CVE-2024-27632"
],
"database_specific": {
"cwe_ids": [
"CWE-335"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-04-08T22:15:08Z",
"severity": "HIGH"
},
"details": "An issue in GNU Savane v.3.12 and before allows a remote attacker to escalate privileges via the form_id in the form_header() function.",
"id": "GHSA-gcvf-qqcq-825h",
"modified": "2025-03-26T18:30:44Z",
"published": "2024-04-09T00:30:41Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27632"
},
{
"type": "WEB",
"url": "https://github.com/ally-petitt/CVE-2024-27632"
},
{
"type": "WEB",
"url": "https://medium.com/%40allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GFH4-W8RR-X5C5
Vulnerability from github – Published: 2025-04-24 00:31 – Updated: 2025-04-24 00:31NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9#dj- string) and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators.
{
"affected": [],
"aliases": [
"CVE-2025-27580"
],
"database_specific": {
"cwe_ids": [
"CWE-335"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-04-24T00:15:16Z",
"severity": "HIGH"
},
"details": "NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9#dj- string) and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators.",
"id": "GHSA-gfh4-w8rr-x5c5",
"modified": "2025-04-24T00:31:19Z",
"published": "2025-04-24T00:31:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-27580"
},
{
"type": "WEB",
"url": "https://brics.cit.nih.gov"
},
{
"type": "WEB",
"url": "https://bugculture.io/CVE-2025-27580"
},
{
"type": "WEB",
"url": "https://github.com/RoseHacks/Vulnerability.Research/blob/main/CVE-2025-27580/README.md"
},
{
"type": "WEB",
"url": "https://github.com/brics-dev/brics"
},
{
"type": "WEB",
"url": "https://github.com/brics-dev/brics/blob/26bc6bb627a9a60e6c6a8a8c29735ae98c2e2679/core/src/main/java/gov/nih/tbi/CoreConstants.java#L38"
},
{
"type": "WEB",
"url": "https://github.com/brics-dev/brics/blob/26bc6bb627a9a60e6c6a8a8c29735ae98c2e2679/service/src/main/java/gov/nih/tbi/account/service/complex/AccountManagerImpl.java#L725-L732"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-GGFX-H9XJ-5V9C
Vulnerability from github – Published: 2022-05-19 00:00 – Updated: 2022-05-31 23:27The random_password_generator (aka RandomPasswordGenerator) gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction.
{
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "random_password_generator"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2019-25061"
],
"database_specific": {
"cwe_ids": [
"CWE-330",
"CWE-335"
],
"github_reviewed": true,
"github_reviewed_at": "2022-05-25T20:15:34Z",
"nvd_published_at": "2022-05-18T11:15:00Z",
"severity": "HIGH"
},
"details": "The random_password_generator (aka RandomPasswordGenerator) gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction.",
"id": "GHSA-ggfx-h9xj-5v9c",
"modified": "2022-05-31T23:27:43Z",
"published": "2022-05-19T00:00:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-25061"
},
{
"type": "WEB",
"url": "https://github.com/bvsatyaram/random_password_generator/pull/1"
},
{
"type": "PACKAGE",
"url": "https://github.com/bvsatyaram/random_password_generator"
},
{
"type": "WEB",
"url": "https://github.com/bvsatyaram/random_password_generator/blob/2855e8d7d8803dbb580ddd6cf13846394eb4530e/lib/random_password_generator.rb#L23"
},
{
"type": "WEB",
"url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/random_password_generator/CVE-2019-25061.yml"
},
{
"type": "WEB",
"url": "https://ruby-doc.org/core-3.1.2/Random.html"
},
{
"type": "WEB",
"url": "https://stackoverflow.com/questions/42170239/security-of-rand-in-ruby-compared-to-other-methods/42170560"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Insecure PRNG use in random_password_generator"
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.