CWE-333
Improper Handling of Insufficient Entropy in TRNG
VariantDraftLikelihood: Low
Description
True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block.
The rate at which true random numbers can be generated is limited. It is important that one uses them only when they are needed for security.
Hierarchy (View 1000)
CVEs mapped to this weakness (1)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-62626 | Hig | 0.47 | — | 0.00 | Nov 21, 2025 | Improper handling of insufficient entropy in the AMD CPUs could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values. |