CVE-2025-58190

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions golang.org/x/net/html (affected versions not specified)

Description The html.Parse function can enter an infinite parsing loop when processing specific HTML inputs. This can result in a denial of service (DoS) if an attacker provides crafted HTML content.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Infinite Loop

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-835

Related Identifiers

AZL-76788

AZL-76790

AZL-76799

AZL-76805

AZL-76811

AZL-76827

AZL-76839

AZL-76851

AZL-76856

AZL-76874

AZL-76878

AZL-76880

AZL-76889

AZL-76901

AZL-76907

AZL-76913

AZL-76919

AZL-76925

AZL-76931

AZL-76937

AZL-76947

AZL-76958

AZL-76965

AZL-76980

AZL-76988

AZL-77000

AZL-77010

AZL-77013

AZL-77021

AZL-77040

AZL-77049

AZL-77055

AZL-77064

AZL-77073

AZL-77085

AZL-77093

AZL-77102

BDU:2026-05686

CLEANSTART-2026-AE87452

CLEANSTART-2026-BM53321

CLEANSTART-2026-CB01846

CLEANSTART-2026-DG06447

CLEANSTART-2026-DM93480

CLEANSTART-2026-EJ93145

CLEANSTART-2026-FM65506

CLEANSTART-2026-HA09227

CLEANSTART-2026-HK71313

CLEANSTART-2026-HX97842

CLEANSTART-2026-HZ73294

CLEANSTART-2026-JB52011

CLEANSTART-2026-JD68539

CLEANSTART-2026-JK84667

CLEANSTART-2026-KJ02127

CLEANSTART-2026-LS00044

CLEANSTART-2026-MF20926

CLEANSTART-2026-MQ21261

CLEANSTART-2026-NB78893

CLEANSTART-2026-NG75665

CLEANSTART-2026-PK48502

CLEANSTART-2026-QN98167

CLEANSTART-2026-SQ24713

CLEANSTART-2026-SQ68600

CLEANSTART-2026-TM31143

CLEANSTART-2026-UG20989

CLEANSTART-2026-UO31069

CLEANSTART-2026-WK32717

CVE-2025-58190

GO-2026-4441

OPENSUSE-RU-2026:20010-1

OPENSUSE-SU-2025:15607-1

OPENSUSE-SU-2025:15616-1

OPENSUSE-SU-2025:15617-1

OPENSUSE-SU-2025:15618-1

OPENSUSE-SU-2025:15619-1

OPENSUSE-SU-2025:15620-1

OPENSUSE-SU-2025:15654-1

OPENSUSE-SU-2025:15669-1

OPENSUSE-SU-2025:15709-1

OPENSUSE-SU-2025:15729-1

OPENSUSE-SU-2025:15730-1

OPENSUSE-SU-2025:15743-1

OPENSUSE-SU-2025:15779-1

OPENSUSE-SU-2025:15830-1

OPENSUSE-SU-2025:15852-1

OPENSUSE-SU-2025:15854-1

OPENSUSE-SU-2025:20118-1

OPENSUSE-SU-2025:20143-1

OPENSUSE-SU-2025:20160-1

OPENSUSE-SU-2026:10173-1

OPENSUSE-SU-2026:10543-1

OPENSUSE-SU-2026:10862-1

OPENSUSE-SU-2026:20044-1

OPENSUSE-SU-2026:20058-1

OPENSUSE-SU-2026:20105-1

OPENSUSE-SU-2026:20132-1

OPENSUSE-SU-2026:20206-1

OPENSUSE-SU-2026:20318-1

OPENSUSE-SU-2026:20327-1

OPENSUSE-SU-2026:20654-1

OPENSUSE-SU-2026:20730-1

RHSA-2026:7291

RHSA-2026:7385

SUSE-SU-2025:21043-1

SUSE-SU-2025:21221-1

SUSE-SU-2025:4190-1

SUSE-SU-2025:4444-1

SUSE-SU-2025:4446-1

SUSE-SU-2025:4479-1

SUSE-SU-2025:4482-1

SUSE-SU-2026:0028-1

SUSE-SU-2026:0403-1

SUSE-SU-2026:0580-1

SUSE-SU-2026:20089-1

SUSE-SU-2026:20176-1

SUSE-SU-2026:20244-1

SUSE-SU-2026:20357-1

SUSE-SU-2026:20685-1

USN-8089-1

USN-8089-2

USN-8089-3

Affected Products

Linuxmint

Red Os

Ubuntu

Golang.Org/X/Net/Html

CVE-2025-58190

Weakness Enumeration

Related Identifiers

Affected Products

References · 477