CVE-2025-66565
Published: Dec 9, 2025
Modified: Dec 9, 2025
Description
Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (crypto/rand) fails, both functions silently fall back to returning predictable UUID values, including the zero UUID "00000000-0000-0000-0000-000000000000". The vulnerability occurs through two related but distinct failure paths, both ultimately caused by crypto/rand.Read() failures, compromising the security of all Fiber applications using these functions for security-critical operations. This issue is fixed in version 2.0.0-rc.4.
| Vendor | Product | Versions |
|---|---|---|
gofiber | utils | affected github.com/gofiber/utils <= 1.2.0affected github.com/gofiber/utils/v2 < 2.0.0-rc.4 |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now