Main Vulnerability Database Vulnerabilities #VU105459

Resource exhaustion in crypto - CVE-2025-22869

Published: March 10, 2025

Vulnerability identifier: #VU105459

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2025-22869

CWE-ID: CWE-400

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
crypto

Detailed vulnerability description

The vulnerability allows a remote user to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources within the ssh package when handling clients that complete the key exchange slowly, or not at all. A remote user can trigger resource exhaustion and perform a denial of service (DoS) attack.

How to mitigate CVE-2025-22869

Install updates from vendor's website.

Sources

https://go.dev/cl/652135
https://go.dev/issue/71931
https://pkg.go.dev/vuln/GO-2025-3487
https://pkg.go.dev/golang.org/x/crypto/ssh

Resource exhaustion in crypto - CVE-2025-22869

Detailed vulnerability description

How to mitigate CVE-2025-22869

Sources

Please verify you're human