Sakaiproject Sakai
Don't miss out!
Thousands of developers use stack.watch to stay informed.Get an email whenever new security vulnerabilities are reported in Sakaiproject Sakai.
By the Year
In 2026 there have been 0 vulnerabilities in Sakaiproject Sakai. Last year, in 2025 Sakai had 1 security vulnerability published. Right now, Sakai is on track to have less security vulnerabilities in 2026 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 1 | 5.90 |
It may take a day or so for new Sakai vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Sakaiproject Sakai Security Vulnerabilities
Sakai AES256 key prediction via Random in EncryptionUtilityServiceImpl <23.5
CVE-2025-62710
5.9 - Medium
- October 22, 2025
Sakai is a Collaboration and Learning Environment. Prior to versions 23.5 and 25.0, EncryptionUtilityServiceImpl initialized an AES256TextEncryptor password (serverSecretKey) using RandomStringUtils with the default java.util.Random. java.util.Random is a noncryptographic PRNG and can be predicted from limited state/seed information (e.g., start time window), substantially reducing the effective search space of the generated key. An attacker who can obtain ciphertexts (e.g., exported or atrest strings protected by this service) and approximate the PRNG seed can feasibly reconstruct the serverSecretKey and decrypt affected data. SAK-49866 is patched in Sakai 23.5, 25.0, and trunk.
PRNG
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Sakaiproject Sakai or by Sakaiproject? Click the Watch button to subscribe.
