GSSAPI Authentication Request Parsing Vulnerability in SSH Servers
CVE-2025-58181

5.3MEDIUM

Key Information:

Vendor: Golang.org/x/crypto
Status: Golang.org/x/crypto/ssh
Vendor: CVE Published:; 19 November 2025

🔔 Create Golang.org/x/crypto Vulnerability Alert

What is CVE-2025-58181?

SSH servers that process GSSAPI authentication requests contain a vulnerability where the number of mechanisms specified in the request is not properly validated. This oversight means that an attacker could exploit this flaw to initiate excessive memory consumption, potentially leading to service disruptions and denial of service conditions. It is crucial for administrators to apply updates and monitor their systems for unusual behavior to mitigate this risk.

References

https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA

https://go.dev/cl/721961

https://go.dev/issue/76363

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 19, 2025
Vulnerability Reserved
Aug 27, 2025

Credit

Jakub Ciolek

JSON