CVE-2025-10954

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions github.com/nyaruka/phonenumbers versions prior to 1.2.2

Description The package contains an issue related to improper validation of input syntax within the phonenumbers.Parse() function. Providing specifically crafted input can lead to a panic, resulting in a "slice bounds out of range" runtime error.

Recommendations Update to version 1.2.2 or later.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1286

Related Identifiers

CVE-2025-10954

GHSA-FMJH-F678-CV3X

GO-2025-3987

OPENSUSE-SU-2025:15710-1

Affected Products

Phonenumber

CVE-2025-10954

Weakness Enumeration

Related Identifiers

Affected Products

References · 83