CVE-2025-0577

medium

Description

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness when they are called again after a fork that happens concurrently with a call to any of these functions.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2338871

https://access.redhat.com/security/cve/CVE-2025-0577

Details

Source: Mitre, NVD

Published: 2026-02-18

Updated: 2026-02-19

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 4.8

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00022