Home > Vulnerability Database > CVE-2025-58185

Mend.io Vulnerability Database

CVE-2025-58185

Good to know:

Date: October 7, 2025

In Go before 1.24.8 and 1.25.x before 1.25.2, When parsing DER payloads, memories were being allocated prior to fully validating the payloads. This permits an attacker to craft a big empty DER payload to cause memory exhaustion in functions such as asn1.Unmarshal, x509.ParseCertificateRequest, and ocsp.ParseResponse.

Severity Score

7.5

Related Resources (3)

Url: https://seclists.org/oss-sec/2025/q4/18

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-58185

Url: https://www.mend.io/vulnerability-database/CVE-2025-58185

Severity Score

7.5

Weakness Type (CWE)

Improper Resource Shutdown or Release

CWE-404

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version https://github.com/golang/go.git - go1.24.8;https://github.com/golang/go.git - go1.25.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-58185

Good to know:

Date: October 7, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?