CVE-2025-62626
Echo vulnerability analysis and mitigation

Overview

The vulnerability CVE-2025-62626 affects AMD's "Zen 5" processors, involving a bug in the RDSEED instruction that may return 0 at a rate inconsistent with randomness while incorrectly signaling success. The issue was initially reported through the Linux kernel mailing list and affects the 16-bit and 32-bit forms of the RDSEED instruction, while the 64-bit form remains unaffected. The vulnerability was assigned a CVSS score of 7.2 (High) (AMD Security Bulletin).

Technical details

The vulnerability stems from improper handling of insufficient entropy in AMD CPUs, specifically affecting the RDSEED instruction implementation. When the instruction returns a value of 0, it incorrectly sets the carry flag (CF=1) to indicate success, leading to a potential misclassification of failure as success. This issue specifically impacts the 16-bit and 32-bit forms of the RDSEED instruction on Zen 5 processors, while the 64-bit form remains unaffected (AMD Security Bulletin).

Impact

The vulnerability could allow a local attacker to influence the values returned by the RDSEED instruction, potentially resulting in the consumption of insufficiently random values. This poses risks to cryptographic operations and security functions that rely on hardware-generated random numbers, potentially compromising both confidentiality and integrity of affected systems (AMD Security Bulletin).

Mitigation and workarounds

AMD has announced several temporary workaround options while awaiting the final microcode patch:

1) Use the 64-bit form of RDSEED
2) Mask the CPUID Fn00000007EBX[18] RDSEED from software discovery
3) Treat RDSEED returning 0 as equivalent to CF=0
4) Retry RDSEED later until a non-zero value is returned with CF=1

Permanent fixes are planned for release through microcode updates, with target release dates varying by processor family. For EPYC 9005 Series Processors, the microcode mitigation (Turin C1: 0x0B00215A, Turin Dense B0: 0x0B101054) was released on 2025-10-28, while other processor families are scheduled for updates in late November 2025 (AMD Security Bulletin).
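The software workarounds above (64-bit form, a zero result treated as failure, bounded retry) combined in one wrapper, as an added example that is not AMD's or this page's own code. The function names and the simulated faulty source are hypothetical, and the hardware step assumes GCC or Clang inline assembly on x86-64.

```c
#include <stdint.h>
#include <stdio.h>
/* One seed attempt: returns 1 when the source reports success (CF=1). */
typedef int (*seed_step_fn)(uint64_t *out);

#if defined(__x86_64__)
/* Workaround 1: 64-bit RDSEED. Call only after CPUID reports RDSEED. */
int hw_rdseed64(uint64_t *out)
{
    uint64_t v;
    unsigned char cf;
    __asm__ volatile("rdseed %0\n\tsetc %1" : "=r"(v), "=qm"(cf) : : "cc");
    *out = v;
    return cf;
}
#endif

/* Workarounds 3 and 4: a zero result counts as failure even with CF=1, and
 * the read is retried a bounded number of times. Returns 0 when no usable
 * seed was obtained; the caller must then use another entropy source. */
int rdseed_checked(seed_step_fn step, unsigned max_tries, uint64_t *out)
{
    for (unsigned i = 0; i < max_tries; i++) {
        uint64_t v = 0;
        if (step(&v) && v != 0) {
            *out = v;
            return 1;
        }
    }
    return 0;
}

/* Constructed stand-ins for the faulty behaviour: both always claim success. */
unsigned sim_calls;
int sim_buggy_step(uint64_t *out)   /* yields 0, 0, then a non-zero value */
{
    static const uint64_t seq[] = { 0, 0, 0x9e3779b97f4a7c15ULL };
    *out = seq[sim_calls < 2 ? sim_calls : 2];
    sim_calls++;
    return 1;
}
int sim_stuck_step(uint64_t *out) { *out = 0; return 1; }
int main(void)
{
    uint64_t seed = 0;
    int ok = rdseed_checked(sim_buggy_step, 8, &seed);
    printf("ok=%d seed=%016llx attempts=%u\n", ok, (unsigned long long)seed, sim_calls);
    return ok ? 0 : 1;
}
```

On real hardware, pass `hw_rdseed64` as the step; rejecting a genuine 64-bit zero discards a value that occurs with probability 2^-64.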

This report was generated using AI.
