CVE-2025-62710

MEDIUM
Published Oct 22, 2025 Modified Oct 30, 2025 CWE-337

Description

Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information (e.g., start time window), substantially reducing the effective search space of the generated key. An attacker who can obtain ciphertexts (e.g., exported or at‑rest strings protected by this service) and approximate the PRNG seed can feasibly reconstruct the serverSecretKey and decrypt affected data. SAK-49866 is patched in Sakai 23.5, 25.0, and trunk.

CVSS v3.1 Score

5.9
MEDIUM
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Weakness Type (CWE)

CWE-337 CWE-337

Affected Products

Vendor Product
sakailms sakai

References

Frequently Asked Questions

What is CVE-2025-62710? +
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a non‑cryptographic PRNG and can be predicted from limited state/seed information (e.g., start time window), substantially reducing the effective search space of the generated key. An attacker who can obtain ciphertexts (e.g., exported or at‑rest strings protected by this service) and approximate the PRNG seed can feasibly reconstruct the serverSecretKey and decrypt affected data. SAK-49866 is patched in Sakai 23.5, 25.0, and trunk. It has a CVSS v3.1 base score of 5.9 (MEDIUM).
How severe is CVE-2025-62710? +
CVE-2025-62710 has a CVSS v3.1 score of 5.9 out of 10, rated MEDIUM. This is a medium-severity vulnerability that should be remediated as part of regular maintenance.
What products are affected by CVE-2025-62710? +
CVE-2025-62710 affects products from sakailms, specifically: sakai. Check the affected products table above for specific version ranges.
How do I check if I'm vulnerable to CVE-2025-62710? +
You can use Secably's free Website Scanner to check your website for known vulnerabilities. For infrastructure scanning, use the Port Scanner to identify exposed services that may be affected. Check the vendor advisories linked above for specific patch and version information.

Related Vulnerabilities

CVE-2025-7770

Tigo Energy's CCA device is vulnerable to insecure session ID generation in their remote API. The session IDs are generated …
CVE-2024-7558 8.7

JUJU_CONTEXT_ID is a predictable authentication secret. On a Juju machine (non-Kubernetes) or Juju charm container (on Kubernetes), an unprivileged user …
CVE-2025-55069 8.3

A predictable seed in pseudo-random number generator vulnerability has been discovered in firmware version 3.60 of the Click Plus PLC. …
CVE-2025-20613 3.3

Predictable Seed in Pseudo-Random Number Generator (PRNG) in the firmware for some Intel(R) TDX may allow an authenticated user to …
CVE-2024-22194 2.2

cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An …
CVE-2024-47876 8.8

Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with …

Don't wait for an exploit

Scan your website for vulnerabilities like CVE-2025-62710 — free, no signup required.

Start Free Scan