CVE-2025-22869

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2025-22869
SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://go.dev/cl/652135 Patch
https://go.dev/issue/71931 Issue Tracking Patch
https://pkg.go.dev/vuln/GO-2025-3487 Vendor Advisory
https://security.netapp.com/advisory/ntap-20250411-0010/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:go:ssh:*:*:*:*:*:go:*:*
History

No history.

Information

Published : 2025-02-26 08:14

Updated : 2025-05-01 19:28

NVD link : CVE-2025-22869

Mitre link : CVE-2025-22869

CVE.ORG link : CVE-2025-22869

JSON object : View

Products Affected

go

  • ssh
CWE
CWE-770

Allocation of Resources Without Limits or Throttling