
CVE-2025-58369


Date: September 5, 2025

fs2 is a compositional, streaming I/O library for Scala. Versions 3.12.2 and lower and 3.13.0-M1 through 3.13.0-M6 are vulnerable to denial-of-service attacks through TLS sessions that use fs2-io on the JVM via the fs2.io.net.tls package. When establishing a TLS session, if one side of the connection shuts down "write" while the peer side is awaiting more data to progress the TLS handshake, the peer side will spin loop on the socket read, fully utilizing a CPU. The CPU is consumed until the overall connection is closed, potentially shutting down an fs2-io powered server. This issue is fixed in versions 3.12.1 and 3.13.0-M7.

Severity Score

Weakness Type (CWE)

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version co.fs2:fs2-io_2.12:3.12.2; co.fs2:fs2-io_2.12:3.13.0-M7; co.fs2:fs2-io_2.13:3.12.2; co.fs2:fs2-io_2.13:3.13.0-M7; co.fs2:fs2-io_3:3.12.2; co.fs2:fs2-io_3:3.13.0-M7

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): HIGH
