PT-2025-22526 · Fiber · Fiber
Batleram · Published 2025-05-22 · Updated 2025-05-30
CVE-2025-48075
CVSS v4.0: 8.7 (High)
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
Fiber version 2.52.6
Description
The issue affects the fiber.Ctx.BodyParser functionality, which can map flat data to nested slices using key[idx]value syntax. However, when idx is negative, it causes a panic instead of returning an error stating that it cannot process the data. Since this data is user-provided, this could lead to denial of service for anyone relying on the fiber.Ctx.BodyParser functionality.
Recommendations
For Fiber version 2.52.6, update to version 2.52.7 to resolve the issue. As a temporary workaround, consider restricting the use of the fiber.Ctx.BodyParser functionality to minimize the risk of exploitation. Avoid using the key[idx]value syntax with negative idx values in the affected API endpoint until the issue is resolved.
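As an added illustration of the workaround (this is not code from the Fiber project or from the advisory), the Go snippet below screens the keys of a url-encoded body for a negative bracketed index before the body is handed to the affected parser. The helper names are this example's own, and it assumes the form has already been decoded into url.Values; the multipart and JSON paths of BodyParser are not covered by this check.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
)

// negativeIndex matches a bracketed index segment whose value is a negative
// integer, e.g. the "[-1]" in "items[-1]" or "a[-2][name]". Hypothetical
// pattern written for this example; it is deliberately conservative and also
// flags "[-0]".
var negativeIndex = regexp.MustCompile(`\[\s*-\d+\s*\]`)

// keyHasNegativeIndex reports whether a form key carries a negative idx in
// the key[idx]value syntax that the advisory describes.
func keyHasNegativeIndex(key string) bool {
	return negativeIndex.MatchString(key)
}

// rejectNegativeIndices screens a url-encoded body before it reaches the
// affected parser. It returns the first offending key as an error so the
// handler can answer with a 400 instead of letting the request panic.
func rejectNegativeIndices(form url.Values) error {
	for key := range form {
		if keyHasNegativeIndex(key) {
			return fmt.Errorf("rejected form key %q: negative slice index", key)
		}
	}
	return nil
}

func main() {
	// Constructed sample bodies; the second has the shape the advisory warns about.
	for _, body := range []string{"items[0]=a&items[1]=b", "items[0]=a&items[-1]=b"} {
		form, err := url.ParseQuery(body)
		if err != nil {
			fmt.Println("malformed body:", err)
			continue
		}
		fmt.Printf("%-24s -> %v\n", body, rejectNegativeIndices(form))
	}
}
```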
Fix
DoS
Improper Validation of Array Index
Affected Products: Fiber