In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report.

🗓️ 04 Sep 2025 10:46:05Reported by MicrosoftType

RAND poll bug made random bytes predictable after fork; wolfSSL reseeds Hash-DRBG post-fork; update to latest wolfSSL.

Reporter	Title	Published	Views	Family All 17
AlpineLinux	CVE-2025-7394	18 Jul 202522:34	–	alpinelinux
Circl	CVE-2025-7394	19 Jul 202502:55	–	circl
CNNVD	OpenSSL 安全漏洞	18 Jul 202500:00	–	cnnvd
CVE	CVE-2025-7394	18 Jul 202522:34	–	cve
Cvelist	CVE-2025-7394	18 Jul 202522:34	–	cvelist
Debian CVE	CVE-2025-7394	18 Jul 202522:34	–	debiancve
EUVD	EUVD-2025-21938	3 Oct 202520:07	–	euvd
NVD	CVE-2025-7394	18 Jul 202523:15	–	nvd
OSV	DEBIAN-CVE-2025-7394	18 Jul 202523:15	–	osv
OSV	UBUNTU-CVE-2025-7394	18 Jul 202523:15	–	osv