20-year-old pgcrypto CVE reported
A newly reported CVE (CVE-2025-1054) reveals a 20-year-old vulnerability in PostgreSQL's pgcrypto extension, stemming from code contributed in 2005. The flaw allows attackers to exploit weak randomness when PGP functions are used with no or low entropy, though the risk is limited to specific configurations.