Vulnerability Report: GO-2025-4116
- CVE-2025-47913
- Affects: golang.org/x/crypto
- Published: Nov 13, 2025
SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
Affected Packages
-
PathVersionsSymbols
-
before v0.43.0all symbols
Aliases
References
- https://go.dev/cl/700295
- https://go.dev/issue/75178
- https://github.com/advisories/GHSA-hcg3-q754-cr77
- https://vuln.go.dev/ID/GO-2025-4116.json
Credits
- Jakub CiolekNicola Murino
Feedback
See anything missing or incorrect?
Suggest an edit to this report.