How severe is CVE-2025-46653?

This vulnerability has a severity rating of LOW with a CVSS score of 3.1 out of 10.

What type of vulnerability is CVE-2025-46653?

This is classified as CWE-338, which is a common weakness in software security.

CVE-2025-46653 - LOW Severity | CVSS 3.1

Vulnerability Description

Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.

Related Vulnerabilities

CVE-2021-3047

LOW

CVSS:3.1(Low)

A cryptographically weak pseudo-random number generator (PRNG) is used during authentication to the Palo Alto Networks PAN-OS web interface. This enables an authenticated attacker, with the capability...

CWE-3382021

CVE-2019-11808

LOW

CVSS:3.7(Low)

Ratpack versions before 1.6.1 generate a session ID using a cryptographically weak PRNG in the JDK's ThreadLocalRandom. This means that if an attacker can determine a small window for the server start...

CWE-3382019

CVE-2022-48506

LOW

CVSS:2.4(Low)

A flawed pseudorandom number generator in Dominion Voting Systems ImageCast Precinct (ICP and ICP2) and ImageCast Evolution (ICE) scanners allows anyone to determine the order in which ballots were ca...

CWE-3382022

CVE-2017-11671

MEDIUM

CVSS:4.0(Medium)

Under certain circumstances, the ix86_expand_builtin function in i386.c in GNU Compiler Collection (GCC) version 4.6, 4.7, 4.8, 4.9, 5 before 5.5, and 6 before 6.4 will generate instruction sequences ...

CWE-3382017

CVE-2025-27551

MEDIUM

CVSS:4.0(Medium)

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files lib/DBIx/Class/EncodedColumn/Dige...

CWE-3382025

CVE-2025-27552

MEDIUM

CVSS:4.0(Medium)

DBIx::Class::EncodedColumn use the rand() function, which is not cryptographically secure to salt password hashes. This vulnerability is associated with program files Crypt/Eksblowfish/Bcrypt.pm. This...

CWE-3382025