CVE-2025-11065
Published: Jan 26, 2026
Modified: Feb 3, 2026
CVSS v3.1
5.3
Description
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.
| Vendor | Product | Versions |
|---|---|---|
Unknown | github.com/go-viper/mapstructure/v2 | affected 0 - < 2.4.0 |
Red Hat | OpenShift Pipelines | All versions |
Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 | All versions |
Red Hat | Red Hat Advanced Cluster Management for Kubernetes 2 | All versions |
Red Hat | Red Hat Advanced Cluster Security 4 | All versions |
Red Hat | Red Hat Advanced Cluster Security 4 | All versions |
Red Hat | Red Hat Advanced Cluster Security 4 | All versions |
Red Hat | Red Hat Advanced Cluster Security 4 | All versions |
Red Hat | Red Hat Advanced Cluster Security 4 | All versions |
Red Hat | Red Hat Advanced Cluster Security 4 | All versions |
Red Hat | Red Hat Certification for Red Hat Enterprise Linux 8 | All versions |
Red Hat | Red Hat Certification Program for Red Hat Enterprise Linux 9 | All versions |
Red Hat | Red Hat Enterprise Linux 10 | All versions |
Red Hat | Red Hat Enterprise Linux 10 | All versions |
Red Hat | Red Hat Enterprise Linux 10 | All versions |
Red Hat | Red Hat Enterprise Linux 9 | All versions |
Red Hat | Red Hat Enterprise Linux 9 | All versions |
Red Hat | Red Hat Enterprise Linux 9 | All versions |
Red Hat | Red Hat OpenShift AI (RHOAI) | All versions |
Red Hat | Red Hat OpenShift AI (RHOAI) | All versions |
Red Hat | Red Hat OpenShift Container Platform 4 | All versions |
Red Hat | Red Hat OpenShift Container Platform 4 | All versions |
Red Hat | Red Hat OpenShift Container Platform 4 | All versions |
Red Hat | Red Hat OpenShift Container Platform 4 | All versions |
Red Hat | Red Hat OpenShift Container Platform 4 | All versions |
Red Hat | Red Hat OpenShift Dev Spaces | All versions |
Red Hat | Red Hat OpenShift Dev Spaces | All versions |
Red Hat | Red Hat OpenShift Dev Spaces | All versions |
Red Hat | Red Hat OpenShift distributed tracing 3 | All versions |
Red Hat | Red Hat OpenShift GitOps | All versions |
Red Hat | Red Hat OpenShift GitOps | All versions |
Red Hat | Red Hat Trusted Application Pipeline | All versions |
Red Hat | Red Hat Trusted Artifact Signer | All versions |
Red Hat | Red Hat Trusted Artifact Signer | All versions |
Red Hat | Red Hat Trusted Artifact Signer | All versions |
Red Hat | Red Hat Trusted Artifact Signer | All versions |
Red Hat | Red Hat Trusted Artifact Signer | All versions |
Red Hat | Red Hat Trusted Artifact Signer | All versions |
Red Hat | Red Hat Trusted Artifact Signer | All versions |
Red Hat | Zero Trust Workload Identity Manager - Tech Preview | All versions |
Red Hat | Zero Trust Workload Identity Manager - Tech Preview | All versions |
Red Hat | Zero Trust Workload Identity Manager - Tech Preview | All versions |
Red Hat | Zero Trust Workload Identity Manager - Tech Preview | All versions |
Weaknesses (CWE)
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now