CVE-2025-58187

EPSS 0.02%
Veröffentlicht 29.10.2025 22:10:12
Zuletzt bearbeitet 29.01.2026 16:02:27
Quelle security@golang.org
CVE-Watchlists
Login
Unerledigt
Login

Due to the design of the name constraint checking algorithm, the processing time of some inputs scale non-linearly with respect to the size of the certificate. This affects programs which validate arbitrary certificate chains.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Golang ≫ Go Version < 1.24.9

Golang ≫ Go Version >= 1.25.0 < 1.25.3

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.02%	0.037

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-407 Inefficient Algorithmic Complexity

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI

Mailing List

Release Notes

https://go.dev/issue/75681

Issue Tracking

https://go.dev/cl/709854

Patch

https://pkg.go.dev/vuln/GO-2025-4007

Vendor Advisory

http://www.openwall.com/lists/oss-security/2025/10/08/1

Mailing List

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-58187

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-58187

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-58187

EUVD