Home > Vulnerability Database > CVE-2025-58181

Mend.io Vulnerability Database

CVE-2025-58181

Good to know:

Date: November 19, 2025

SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption.

Severity Score

5.3

Related Resources (6)

Url: https://pkg.go.dev/vuln/GO-2025-4134

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-58181

Url: https://go.dev/cl/721961

Url: https://go.dev/issue/76363

Url: https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA

Url: https://www.mend.io/vulnerability-database/CVE-2025-58181

Severity Score

5.3

Weakness Type (CWE)

Allocation of Resources Without Limits or Throttling

CWE-770

Top Fix

Upgrade Version

Upgrade to version golang.org/x/crypto - v0.45.0;golang.org/x/crypto - v0.45.0

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-58181

Good to know:

Date: November 19, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?