CVE-2025-0577 — Insufficient Entropy in Glibc

CWE-331 — Insufficient Entropy5 documents5 sources

Severity

4.8MEDIUMNVD

EPSS

0.0%

top 98.46%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Glibc

Timeline

PublishedFeb 18

Description

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:NExploitability: 2.2 | Impact: 2.5

Affected Packages1 packages

▶debiandebian/glibc

🔴Vulnerability Details

GHSA

GHSA-7qhw-4fcq-2g37: An insufficient entropy vulnerability was found in glibc↗2026-02-18

▶

📋Vendor Advisories

Red Hat

glibc: vDSO getrandom acceleration may return predictable randomness↗2025-01-23

▶

Debian

CVE-2025-0577: glibc - An insufficient entropy vulnerability was found in glibc. The getrandom and arc4...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-0577 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶