CVE-2025-27580

HIGH Year: 2025
CVSS v3 Score
7.5
High
Weakness Type
CWE-335
View all →

Vulnerability Description

NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 generates predictable tokens (that depend on username, time, and the fixed 7Dl9#dj- string) and thus allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators.

Related Vulnerabilities

CVE-2016-10180

HIGH
CVSS:7.5(High)

An issue was discovered on the D-Link DWR-932B router. WPS PIN generation is based on srand(time(0)) seeding.

CWE-3352016

CVE-2017-5214

HIGH
CVSS:7.5(High)

The Codextrous B2J Contact (aka b2j_contact) extension before 2.1.13 for Joomla! allows prediction of a uniqid value based on knowledge of a time value. This makes it easier to read arbitrary uploaded...

CWE-3352017

CVE-2019-25061

HIGH
CVSS:7.5(High)

The random_password_generator (aka RandomPasswordGenerator) gem through 1.0.0 for Ruby uses Kernel#rand to generate passwords, which, due to its cyclic nature, can facilitate password prediction.

CWE-3352019

CVE-2020-13784

HIGH
CVSS:7.5(High)

D-Link DIR-865L Ax 1.20B01 Beta devices have a predictable seed in a Pseudo-Random Number Generator.

CWE-3352020

CVE-2020-7010

HIGH
CVSS:7.5(High)

Elastic Cloud on Kubernetes (ECK) versions prior to 1.1.0 generate passwords using a weak random number generator. If an attacker is able to determine when the current Elastic Stack cluster was deploy...

CWE-3352020

CVE-2021-27211

HIGH
CVSS:7.5(High)

steghide 0.5.1 relies on a certain 32-bit seed value, which makes it easier for attackers to detect hidden data.

CWE-3352021