CVE-2025-47914
Malformed constraint may cause denial of service in golang.org/x/crypto/ssh/agent
5.3
MEDIUM
CVSS 3.1
EPSS 0.01%
Description
SSH agent servers do not validate the size of messages when processing new identity requests. A malformed message can trigger an out-of-bounds read, which may cause the program to panic.
How to fix CVE-2025-47914
To remediate CVE-2025-47914, upgrade the affected package to one of the fixed versions listed below.
- Debian/golang-go.crypto—no fix listed
- —upgrade to 0.45.0 or later
- —upgrade to 0.45.0 or later
Is CVE-2025-47914 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0
- from 0, < 0.45.0
- from 0, < 0.45.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |