CVE-2025-0577

Glibc: vdso getrandom acceleration may return predictable randomness

CVSS 4.8 MEDIUMEPSS 0.2%CWE-331

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 4.8EPSS 0.2%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

18 Feb 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

An insufficient entropy vulnerability was found in glibc. The getrandom and arc4random family of functions may return predictable randomness if these functions are called again after the fork, which happens concurrently with a call to any of these functions.

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected products

glibcRed Hat · Red Hat Enterprise Linux 10 Red Hat · Red Hat Enterprise Linux 6 Red Hat · Red Hat Enterprise Linux 7 Red Hat · Red Hat Enterprise Linux 8 Red Hat · Red Hat Enterprise Linux 9

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://access.redhat.com/security/cve/CVE-2025-0577 https://bugzilla.redhat.com/show_bug.cgi?id=2338871