CVE-2025-7394
BaseFortify

Publication date: 2025-07-18

Last updated on: 2025-12-03

Assigner: wolfSSL Inc.

Description
In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected, leading to the potential for predictable values being returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers in applications that both use RAND_bytes() and perform fork() operations. It only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although the RAND_bytes() documentation in OpenSSL states that it is not safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL so that RAND_bytes() behaves similarly to OpenSSL after a fork() call even when RAND_poll() is not called: the Hash-DRBG is now reseeded once it detects that it is running in a new process. If you make use of RAND_bytes() and call fork(), we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report.
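The following is an added illustration, not wolfSSL's or OpenSSL's code: a toy deterministic generator stands in for the Hash-DRBG to show why a generator whose state is duplicated by fork() hands identical bytes to parent and child, and how a pid check (the "detect running in a new process" behaviour the description mentions) forces a reseed. The function names, the toy generator and the use of /dev/urandom as the reseed source are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Toy deterministic generator standing in for the Hash-DRBG (illustration only). */
typedef struct { uint64_t state; pid_t owner; } drbg_t;

static uint64_t mix(uint64_t x) {                 /* splitmix64 output step */
    x = (x ^ (x >> 30)) * 0xbf58476d1ce4e5b9ULL;
    x = (x ^ (x >> 27)) * 0x94d049bb133111ebULL;
    return x ^ (x >> 31);
}

/* Reseed from OS entropy, the role RAND_poll() plays; pid-derived fallback only
   keeps the example running where /dev/urandom is unavailable. */
static void drbg_reseed(drbg_t *d) {
    uint64_t seed = (uint64_t)getpid() * 0x9e3779b97f4a7c15ULL;
    FILE *f = fopen("/dev/urandom", "rb");
    if (f) { size_t r = fread(&seed, sizeof seed, 1, f); (void)r; fclose(f); }
    d->state = seed; d->owner = getpid();
}

/* With detect_fork set, a pid other than the seeding process's means we are in
   a new process: reseed before producing any output (the fixed behaviour). */
static void rand_bytes(drbg_t *d, int detect_fork, uint8_t *out, size_t n) {
    if (detect_fork && d->owner != getpid()) drbg_reseed(d);
    for (size_t i = 0; i < n; i++) {
        d->state += 0x9e3779b97f4a7c15ULL;
        out[i] = (uint8_t)mix(d->state);
    }
}

/* Seed, fork, draw 16 bytes in parent and child; 1 if the outputs are
   identical, 0 if they differ, -1 on a system-call failure. */
int fork_outputs_identical(int detect_fork) {
    drbg_t d; uint8_t parent[16], child[16]; int fd[2];
    drbg_reseed(&d);
    if (pipe(fd) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                               /* child: hand its bytes back */
        rand_bytes(&d, detect_fork, child, sizeof child);
        _exit(write(fd[1], child, sizeof child) == (ssize_t)sizeof child ? 0 : 1);
    }
    close(fd[1]);
    rand_bytes(&d, detect_fork, parent, sizeof parent);
    ssize_t got = read(fd[0], child, sizeof child);
    close(fd[0]);
    waitpid(pid, NULL, 0);
    return got == (ssize_t)sizeof child && memcmp(parent, child, sizeof child) == 0;
}
```

Run as a regression check: `fork_outputs_identical(0)` reproduces the unpatched behaviour (identical bytes in both processes), `fork_outputs_identical(1)` the reseed-on-new-process behaviour (different bytes).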
Meta Information
Published: 2025-07-18
Last Modified: 2025-12-03
Generated: 2026-05-27
AI Q&A: 2025-07-19
EPSS Evaluated: 2026-05-25
Affected Vendors & Products
Vendor: wolfssl; Product: wolfssl; Version range: from 3.15.0 (inclusive) to 5.8.0 (inclusive)
CWE ID and Description
CWE-200: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-338: The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the OpenSSL compatibility layer's RAND_poll() function, which does not behave as expected after a fork() system call. As a result, applications that call RAND_bytes() after fork() may generate predictable or weak random numbers. This affects only applications explicitly using RAND_bytes() after fork() and does not impact internal TLS operations. wolfSSL has made changes to reseed the random number generator after fork() to mitigate this issue.

How can this vulnerability impact me?

If your application uses RAND_bytes() to generate random numbers and performs fork() operations without properly reseeding the random number generator, it may produce predictable random values. This can weaken cryptographic operations relying on randomness, potentially compromising security features such as key generation, session tokens, or other cryptographic elements that depend on strong randomness.

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, update to the latest version of wolfSSL, which includes a code change that reseeds the Hash-DRBG after detecting a fork, ensuring RAND_bytes() behaves securely. Additionally, avoid using RAND_bytes() after fork() without first calling RAND_poll(), as documented in OpenSSL.