CVE-2025-47913

EUVD-2025-177185
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
gossh
𝑥
< 0.43.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
golang-go.crypto
bookworm
no-dsa
bullseye
postponed
forky
1:0.50.0-1
fixed
sid
1:0.50.0-1
fixed
trixie
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang-go.crypto
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
ignored
questing
needs-triage
resolute
needs-triage
xenial
needs-triage
snapd
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
plucky
ignored
questing
needs-triage
resolute
needs-triage
xenial
needs-triage
lxd
bionic
needs-triage
focal
not-affected
jammy
dne
noble
dne
plucky
dne
questing
dne
resolute
dne
xenial
needs-triage
google-guest-agent
bionic
not-affected
focal
not-affected
jammy
not-affected
noble
not-affected
plucky
not-affected
questing
not-affected
resolute
not-affected
xenial
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
amazon-ssm-agent
suse enterprise server 15 SP4
3.3.1611.0-150000.5.26.1
fixed
apptainer
suse enterprise server 15 SP6
1.4.5-150600.4.12.1
fixed
apptainer-sle15_6
suse enterprise server 15 SP6
1.4.5-150600.4.12.1
fixed
buildah
suse enterprise sap 15 SP6
1.35.5-150500.3.48.1
fixed
suse enterprise sap 15 SP7
1.35.5-150500.3.53.1
fixed
suse enterprise server 15 SP3
1.35.5-150300.8.49.1
fixed
suse enterprise server 15 SP4
1.35.5-150400.3.59.1
fixed
suse enterprise server 15 SP5
1.35.5-150500.3.53.1
fixed
suse enterprise server 15 SP6
1.35.5-150500.3.53.1
fixed
suse enterprise server 15 SP7
1.35.5-150500.3.53.1
fixed
libsquashfuse0
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
podman
suse enterprise sap 15 SP6
4.9.5-150500.3.59.1
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.59.1
fixed
suse enterprise server 15 SP3
4.9.5-150300.9.66.1
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.62.1
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.59.1
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.59.1
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.59.1
fixed
podman-docker
suse enterprise sap 15 SP6
4.9.5-150500.3.59.1
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.59.1
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.62.1
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.59.1
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.59.1
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.59.1
fixed
podman-remote
suse enterprise sap 15 SP6
4.9.5-150500.3.59.1
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.59.1
fixed
suse enterprise server 15 SP3
4.9.5-150300.9.66.1
fixed
suse enterprise server 15 SP4
4.9.5-150400.4.62.1
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.59.1
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.59.1
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.59.1
fixed
podmansh
suse enterprise sap 15 SP6
4.9.5-150500.3.59.1
fixed
suse enterprise sap 15 SP7
4.9.5-150500.3.59.1
fixed
suse enterprise server 15 SP5
4.9.5-150500.3.59.1
fixed
suse enterprise server 15 SP6
4.9.5-150500.3.59.1
fixed
suse enterprise server 15 SP7
4.9.5-150500.3.59.1
fixed
squashfuse
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
squashfuse-tools
suse enterprise server 15 SP6
0.5.0-150600.3.2.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
buildah
RHEL 9
2:1.41.8-1.el9_7
fixed
buildah-tests
RHEL 9
2:1.41.8-1.el9_7
fixed
podman
RHEL 9
6:5.6.0-11.el9_7
fixed
podman-docker
RHEL 9
6:5.6.0-11.el9_7
fixed
podman-plugins
RHEL 9
6:5.6.0-11.el9_7
fixed
podman-remote
RHEL 9
6:5.6.0-11.el9_7
fixed
podman-tests
RHEL 9
6:5.6.0-11.el9_7
fixed
Common Weakness Enumeration
References
https://github.com/advisories/GHSA-56w8-48fp-6mgv
https://go.dev/cl/700295
https://go.dev/issue/75178
https://pkg.go.dev/vuln/GO-2025-4116