CVE-2025-22865

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions Go crypto/x509 library (affected versions not specified)

Description The issue is related to the incorrect handling of syntactically incorrect structures by the ParsePKCS1PrivateKey function in the Go crypto/x509 library. This could allow a remote attacker to gain unauthorized access to protected information when parsing a RSA key that is missing the CRT values, causing the function to panic when verifying that the key is well formed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-228

Related Identifiers

BDU:2025-01439

BIT-GOLANG-2025-22865

CVE-2025-22865

ECHO-633D-3526-5D52

GO-2025-3421

OPENSUSE-SU-2025:14693-1

OPENSUSE-SU-2025:14710-1

OPENSUSE-SU-2025_0285-1

OPENSUSE-SU-2025_0297-1

OPENSUSE-SU-2025_0429-1

SUSE-SU-2025:0285-1

SUSE-SU-2025:0297-1

SUSE-SU-2025:0429-1

SUSE-SU-2025_0285-1

Affected Products

Go Crypto/X509 Library

Suse

CVE-2025-22865

Weakness Enumeration

Related Identifiers

Affected Products

References · 88