CVE-2025-0577
Received
Received - Intake
Insufficient Entropy in glibc getrandom/arc4random Post-fork
Vulnerability report for CVE-2025-0577, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-02-18
Last updated on: 2026-02-18
Assigner: Fedora Project
Description
Description
An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gnu | glibc | * |
| gnu | glibc | 2.39 |
| gnu | glibc | 2.40 |
| gnu | glibc | 2.41 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-331 | The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others. |