CVE-2025-47914

Published: Nov 19, 2025

Modified: Nov 20, 2025

PUBLISHED

Description

SSH Agent servers do not validate the size of messages when processing new identity requests, which may cause the program to panic if the message is malformed due to an out of bounds read.

Vendor	Product	Versions
golang.org/x/crypto	golang.org/x/crypto/ssh/agent	affected `0 - < 0.45.0`

References

https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA

https://go.dev/cl/721960

https://go.dev/issue/76364

https://pkg.go.dev/vuln/GO-2025-4135

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-47914

Description

Affected Products

References