CVE-2025-61723

Published Oct 29, 2025

Last updated 3 months ago

CVSS high 7.5
Mysql

Overview

Description
The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs.
Source
security@golang.org
NVD status
Analyzed
Products
go

Risk scores

CVSS 3.1

Type
Secondary
Base score
7.5
Impact score
3.6
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity
HIGH

Weaknesses

nvd@nist.gov
CWE-770

Social media

Hype score
Not currently trending

  1. URGENT: Critical vulnerability CVE-2025-61723 patched in chezmoi for #Fedora. Allows arbitrary code execution via dotfile templates. Read more: ๐Ÿ‘‰ https://t.co/SiuuwBACqs #Security https://t.co/oiGN0gmMTf

    @Cezar_H_Linux

    14 Jan 2026

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. Just published a deep-dive on CVE-2025-61723, the critical JWT vulnerability in #Fedora 42's Go library. Went beyond the advisory to explore. Read more: ๐Ÿ‘‰ https://t.co/Woc0xlYA6R #Security https://t.co/x0HwxwTJX1

    @Cezar_H_Linux

    30 Dec 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. URGENT: #Fedora docker-buildkit security patches available for CVE-2025-58183, CVE-2025-58185, CVE-2025-58188, CVE-2025-58189, CVE-2025-61723 Read more: ๐Ÿ‘‰ https://t.co/1s46wqrgPS #Security https://t.co/WcSSlZybiB

    @Cezar_H_Linux

    27 Nov 2025

    46 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. CVE-2025-61723 The processing time for parsing some invalid inputs scales non-linearly with respect to the size of the input. This affects programs which parse untrusted PEM inputs. https://t.co/NEOIYWlOgR

    @CVEnew

    29 Oct 2025

    254 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

Related CVEs

  1. Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).โ€ขCVE-2026-35235
  2. Validating certificate chains which use policies is unexpectedly inefficient when certificates in the chain contain a very large number of policy mappings, possibly causing denial of service. This only affects validation of otherwise trusted certificate chains, issued by a root CA in the VerifyOptions.Roots CertPool, or in the system certificate pool.โ€ขCVE-2026-32281
  3. The compiler is meant to unwrap pointers which are the operands of a memory move; a no-op interface conversion prevented the compiler from making the correct determination about non-overlapping moves, potentially leading to memory corruption at runtime.โ€ขCVE-2026-27144
  4. During chain building, the amount of work that is done is not correctly limited when a large number of intermediate certificates are passed in VerifyOptions.Intermediates, which can lead to a denial of service. This affects both direct users of crypto/x509 and users of crypto/tls.โ€ขCVE-2026-32280
  5. Arithmetic over induction variables in loops were not correctly checked for underflow or overflow. As a result, the compiler would allow for invalid indexing to occur at runtime, potentially leading to memory corruption.โ€ขCVE-2026-27143

References

Sources include official advisories and independent security research.