Out-of-Bounds Slice Allocation in Fiber Framework by Go
CVE-2025-54801

8.7 HIGH

Key Information:

Vendor

Gofiber

Status
Vendor
CVE Published:
6 August 2025

What is CVE-2025-54801?

The Fiber web framework, inspired by Express and written in Go, is susceptible to an out-of-bounds slice allocation issue. This vulnerability occurs in versions 2.52.8 and earlier when parsing form data using Fiber's Ctx.BodyParser. If a large numeric key, which designates a slice index, is provided (e.g., test.18446744073704), the underlying schema decoder fails to validate the index size prior to attempting to allocate a slice. This can cause the application to crash due to excessive memory allocation requests or integer overflow, leading to a panic. The issue is resolved in version 2.52.9.
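For services that cannot move to 2.52.9 immediately, the missing bound can be enforced on the form keys before they reach the parser. The following is an added example, not Fiber's code and not the upstream fix: `checkFormKeys` and `maxSliceIndex` are hypothetical names, the limit of 1000 is an assumed application value, and only the dotted key form shown above is handled.

```go
package main

import (
	"fmt"
	"net/url"
	"strconv"
	"strings"
)

// maxSliceIndex is an assumed application limit, not a Fiber setting.
const maxSliceIndex = 1000

// checkFormKeys rejects any form key whose dotted path contains a purely
// numeric segment (a slice index) that is larger than maxSliceIndex or
// that does not fit in 64 bits. Call it before handing the body to a
// decoder that allocates slices from such indexes.
func checkFormKeys(form url.Values) error {
	for key := range form {
		for _, seg := range strings.Split(key, ".") {
			// Skip segments that are empty or contain a non-digit.
			if seg == "" || strings.Trim(seg, "0123456789") != "" {
				continue
			}
			idx, err := strconv.ParseUint(seg, 10, 64)
			if err != nil || idx > maxSliceIndex {
				return fmt.Errorf("form key %q: slice index %q exceeds limit %d",
					key, seg, maxSliceIndex)
			}
		}
	}
	return nil
}

func main() {
	// Constructed sample bodies: one ordinary, one using the key from the advisory.
	for _, body := range []string{"test.0=a&test.1=b", "test.18446744073704=x"} {
		form, err := url.ParseQuery(body)
		if err != nil {
			fmt.Println("parse error:", err)
			continue
		}
		fmt.Printf("%-24s -> %v\n", body, checkFormKeys(form))
	}
}
```

A handler would return HTTP 400 when `checkFormKeys` reports an error and only then parse the body; upgrading remains the actual remediation.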

Affected Version(s)

fiber < 2.52.9

References

CVSS V4

Score:
8.7
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published
