CNNVD-202510-2795 Information
CNNVD ID
CNNVD-202510-2795
Related CVE
- CNNVD Published: 2025-10-22
Description (Chinese)
Sakai是Apereo Sakai开源的一个免费提供、功能丰富的技术解决方案,用于学习、教学、研究和协作。 Sakai 23.5之前版本和25.0之前版本存在安全漏洞,该漏洞源于使用非加密伪随机数生成器初始化AES256TextEncryptor密码,可能导致密钥被预测和数据解密。
Description (English)
Sakai is a free-of-charge, functional, technical solution from the Apereo Sakai Open Source for learning, teaching, research and collaboration. There is a security loophole in previous Sakai 23.5 and before 25.0, which stems from the use of a non-encrypted pseudo-random generator to initialize the AES256 TextEncrypt password, which could lead to the prediction of key and data decryption.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Apereo Sakai
Published
2025-10-22
Last Modified
2026-02-24
References
https://github.com/sakaiproject/sakai/commit/bde070104b1de01f4a6458dca6d9e0880a0e3c04 https://github.com/sakaiproject/sakai/security/advisories/GHSA-gr7h-xw4f-wh86 https://access.redhat.com/security/cve/cve-2025-62710
Patch
https://github.com/sakaiproject/sakai/tags
Share on: