CVE Vulnerabilities

CVE-2025-62626

Improper Handling of Insufficient Entropy in TRNG

Published: Nov 21, 2025 | Modified: Nov 21, 2025

CVSS 3.x

N/A

Source:

NVD

CVSS 2.x

RedHat/V2

RedHat/V3

Ubuntu

MEDIUM

Vulnerability-free packages from our partners

Additional information

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-62626
CWE	https://cwe.mitre.org/data/definitions/333.html

Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values.

Weakness

True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block.

Potential Mitigations

References

https://www.amd.com/en/resources/product-security/bulletin/AMD-SB-7055.html

Aqua Container Security

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.