CVE-2025-58181 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Go	CNA	---				---
CISA-ADP	ADP	5.3 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Base Score

CVSS 3.x

EPSS Score

Percentile: 27%

Vendor	Product	Version
golang	crypto	𝑥 < 0.45.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

golang-go.crypto

bullseye	postponed
bookworm	vulnerable
trixie	vulnerable
forky	1:0.45.0-1 fixed
sid	1:0.45.0-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

lxd

questing	dne
plucky	dne
noble	dne
jammy	dne
focal	not-affected
bionic	needs-triage
xenial	needs-triage

golang-go.crypto

questing	needs-triage
plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

snapd

questing	needs-triage
plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

google-guest-agent

questing	needs-triage
plucky	needs-triage
noble	needs-triage
jammy	needs-triage
focal	needs-triage
bionic	needs-triage
xenial	needs-triage

Common Weakness Enumeration

CWE-770 - Allocation of Resources Without Limits or Throttling
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Vulnerability Media Exposure

[GERMAN] Golang Go: Mehrere Schwachstellen ermöglichen Denial of Service
Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Golang Go ausnutzen, um einen Denial of Service Angriff durchzuführen.
Published: 2025-11-19T23:00:00+00:00

References

https://go.dev/cl/721961

https://go.dev/issue/76363

https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA

https://pkg.go.dev/vuln/GO-2025-4134