CVE-2025-11065

EUVD-2025-29426
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
Debian logo
Debian Releases
Debian Product
Codename
golang-github-go-viper-mapstructure
forky
2.5.0-2
fixed
sid
2.5.0-2
fixed
trixie
no-dsa
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
alloy
suse enterprise desktop 15 SP7
1.11.3-150700.15.9.1
fixed
suse enterprise sap 15 SP7
1.11.3-150700.15.9.1
fixed
suse enterprise server 15 SP7
1.11.3-150700.15.9.1
fixed
cosign
suse enterprise desktop 15 SP7
3.0.5-150400.3.35.1
fixed
suse enterprise sap 15 SP7
3.0.5-150400.3.35.1
fixed
suse enterprise server 15 SP7
3.0.5-150400.3.35.1
fixed
cosign-bash-completion
suse enterprise desktop 15 SP7
3.0.5-150400.3.35.1
fixed
suse enterprise sap 15 SP7
3.0.5-150400.3.35.1
fixed
suse enterprise server 15 SP7
3.0.5-150400.3.35.1
fixed
cosign-zsh-completion
suse enterprise desktop 15 SP7
3.0.5-150400.3.35.1
fixed
suse enterprise sap 15 SP7
3.0.5-150400.3.35.1
fixed
suse enterprise server 15 SP7
3.0.5-150400.3.35.1
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
amazon-cloudwatch-agent
Amazon Linux 2
0:1.300059.1-1.amzn2
fixed
Amazon Linux 2023
0:1.300059.1-1.amzn2023
fixed
nerdctl
Amazon Linux 2
0:2.1.5-1.amzn2.0.1
fixed
Amazon Linux 2023
0:2.1.5-1.amzn2023.0.1
fixed
nerdctl-debuginfo
Amazon Linux 2
0:2.1.5-1.amzn2.0.1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
cert-manager
Azure Linux 3.0
0:1.12.15-6.azl3
fixed
CBL-Mariner 2.0
0:1.11.2-27.cm2
fixed
coredns
Azure Linux 3.0
0:1.11.4-14.azl3
fixed
cri-o
CBL-Mariner 2.0
0:1.22.3-20.cm2
fixed
docker-buildx
Azure Linux 3.0
0:0.14.0-10.azl3
fixed
docker-cli
Azure Linux 3.0
0:25.0.7-2.azl3
fixed
docker-compose
Azure Linux 3.0
0:2.27.0-8.azl3
fixed
gh
Azure Linux 3.0
0:2.62.0-13.azl3
fixed
influxdb
Azure Linux 3.0
0:2.7.5-13.azl3
fixed
CBL-Mariner 2.0
0:2.6.1-30.cm2
fixed
kata-containers
Azure Linux 3.0
0:3.19.1.kata2-5.azl3
fixed
keda
Azure Linux 3.0
0:2.14.1-11.azl3
fixed
CBL-Mariner 2.0
0:2.4.0-32.cm2
fixed
kube-vip-cloud-provider
CBL-Mariner 2.0
0:0.0.2-26.cm2
fixed
kubevirt
Azure Linux 3.0
0:1.7.0-3.azl3
fixed
CBL-Mariner 2.0
0:0.59.0-38.cm2
fixed
kured
Azure Linux 3.0
0:1.15.0-3.azl3
fixed
CBL-Mariner 2.0
0:1.14.2-7.cm2
fixed
moby-buildx
CBL-Mariner 2.0
0:0.7.1-28.cm2
fixed
moby-cli
CBL-Mariner 2.0
0:24.0.9-8.cm2
fixed
moby-compose
CBL-Mariner 2.0
0:2.17.3-14.cm2
fixed
opa
Azure Linux 3.0
0:0.63.0-3.azl3
fixed
CBL-Mariner 2.0
0:0.63.0-6.cm2
fixed
packer
Azure Linux 3.0
0:1.9.5-13.azl3
fixed
CBL-Mariner 2.0
0:1.9.5-18.cm2
fixed
prometheus
CBL-Mariner 2.0
0:2.37.9-7.cm2
fixed
rook
CBL-Mariner 2.0
0:1.6.2-29.cm2
fixed
skopeo
Azure Linux 3.0
0:1.14.4-8.azl3
fixed
CBL-Mariner 2.0
0:1.14.2-14.cm2
fixed
telegraf
Azure Linux 3.0
0:1.31.0-15.azl3
fixed
CBL-Mariner 2.0
0:1.29.4-21.cm2
fixed
terraform
CBL-Mariner 2.0
0:1.3.2-29.cm2
fixed
vitess
Azure Linux 3.0
0:19.0.4-9.azl3
fixed
CBL-Mariner 2.0
0:17.0.7-14.cm2
fixed