CVE-2025-21617
Description
Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to version 0.8.1, nonce generation neither used sufficient entropy nor drew from a cryptographically secure pseudorandom source, so nonces were predictable. This can leave servers vulnerable to replay attacks when TLS is not used. This vulnerability is fixed in 0.8.1.