Excessive CPU Consumption in Go's ParseAddress Function
CVE-2025-61725
Currently unrated
What is CVE-2025-61725?
The vulnerability in Go's ParseAddress function arises from its method of constructing domain-literal address components via repeated string concatenation. This inefficiency leads to significant CPU overutilization when dealing with large domain-literal inputs, which can impair performance and responsiveness of applications utilizing this function.
Affected Version(s)
net/mail 0 < 1.24.8
net/mail 1.25.0 < 1.25.2