CVE-2025-21617
Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave servers vulnerable to replay attacks when TLS is not used. This vulnerability is fixed in 0.8.1.
More information : https://github.com/guzzle/oauth-subscriber/blob/0.8.0/src/Oauth1.php#L192