PT-2026-2481 · Google · Go

Jakub Ciolek · Published 2025-01-01 · Updated 2026-01-29 · CVE-2025-61728

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

Go versions prior to 1.24.12
Go versions prior to 1.25.6

Description

The Go programming language contains a flaw in the archive/zip functionality that can lead to denial-of-service. Specifically, crafted ZIP files can trigger super-linear processing and excessive consumption of memory and CPU resources when opened, potentially causing a disruption of service. This issue affects backend services and build pipelines that automatically parse ZIP content.

Recommendations

Update to Go version 1.24.12 or later.
Update to Go version 1.25.6 or later.
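
An added example, not part of the advisory or of the Go project's code: a Go helper that decides whether a toolchain version string (in the form reported by runtime.Version() or `go version`) predates the fixed releases named in the recommendations. The function name Affected, the handling of rc/beta builds, and treating release lines newer than 1.25 as fixed are assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// First fixed patch release per minor line, taken from the advisory text.
var fixedPatch = map[int]int{24: 12, 25: 6}

// Matches strings such as "go1.24.11", "go1.25rc1" or "go1.25.6 X:boringcrypto".
var goVer = regexp.MustCompile(`^go1\.(\d+)(?:\.(\d+)|(rc|beta)\d+)?(?:[ +-].*)?$`)

// Affected reports whether a Go toolchain version predates the fix.
// Assumptions (not stated in the advisory): rc/beta builds of 1.24 and 1.25
// count as affected, and lines newer than 1.25 are treated as fixed.
// Lines older than 1.24 are "prior to 1.24.12" and therefore affected.
func Affected(version string) (bool, error) {
	m := goVer.FindStringSubmatch(version)
	if m == nil {
		return false, fmt.Errorf("unrecognized Go version %q", version)
	}
	minor, _ := strconv.Atoi(m[1])
	patch := 0 // "go1.24" without a patch component means 1.24.0
	if m[2] != "" {
		patch, _ = strconv.Atoi(m[2])
	}
	fix, listed := fixedPatch[minor]
	switch {
	case listed:
		return m[3] != "" || patch < fix, nil
	case minor < 24:
		return true, nil
	default:
		return false, nil
	}
}

func main() {
	// Constructed sample inputs; replace with versions collected from your fleet.
	for _, v := range []string{"go1.23.9", "go1.24.11", "go1.24.12", "go1.25rc1", "go1.25.6", "devel +abc"} {
		affected, err := Affected(v)
		fmt.Printf("%-12s affected=%v err=%v\n", v, affected, err)
	}
}
```

Development builds and other strings that do not parse return an error instead of a verdict, so they can be reviewed by hand.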

Related Identifiers

CVE-2025-61728
ECHO-DCEE-75BC-CD88
SUSE-SU-2026:0297-1
SUSE-SU-2026:0298-1
SUSE-SU-2026:0308-1

Affected Products

Go