CVE-2025-47913 - Vulnerability Details

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00033.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Go Subscribe	Ssh Subscribe
Golang Subscribe	Crypto Subscribe Ssh Subscribe

Configuration 1 [-]

cpe:2.3:a:go:ssh:*:*:*:*:*:go:*:*

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Golang Subscribe	Crypto Subscribe Ssh Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/advisories/GHSA-56w8-48fp-6mgv
https://github.com/advisories/GHSA-hcg3-q754-cr77
https://go.dev/cl/700295
https://go.dev/issue/75178
https://nvd.nist.gov/vuln/detail/CVE-2025-47913
https://pkg.go.dev/vuln/GO-2025-4116
https://www.cve.org/CVERecord?id=CVE-2025-47913

History

Sat, 10 Jan 2026 00:45:00 +0900

Type	Values Removed	Values Added
First Time appeared		Go Go ssh
Weaknesses		CWE-617
CPEs		cpe:2.3:a:go:ssh::::::go::*
Vendors & Products		Go Go ssh

Wed, 17 Dec 2025 01:45:00 +0900

Type	Values Removed	Values Added
References		https://github.com/advisories/GHSA-56w8-48fp-6mgv

Wed, 26 Nov 2025 09:15:00 +0900

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-47913 https://www.cve.org/CVERecord?id=CVE-2025-47913
Metrics	threat_severity `None`	threat_severity `Important`

Fri, 14 Nov 2025 18:30:00 +0900

Type	Values Removed	Values Added
First Time appeared		Golang Golang crypto Golang ssh
Vendors & Products		Golang Golang crypto Golang ssh

Fri, 14 Nov 2025 07:15:00 +0900

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 14 Nov 2025 06:45:00 +0900

Type	Values Removed	Values Added
Description		SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
Title		Potential denial of service in golang.org/x/crypto/ssh/agent
References		https://github.com/advisories/GHSA-hcg3-q754-cr77 https://go.dev/cl/700295 https://go.dev/issue/75178 https://pkg.go.dev/vuln/GO-2025-4116

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Go

Published: 2025-11-13T21:29:39.907Z

Updated: 2025-12-16T16:43:43.633Z

Reserved: 2025-05-13T23:31:29.597Z

Link: CVE-2025-47913

Vulnrichment

Updated: 2025-11-13T21:47:40.788Z

NVD

Status : Analyzed

Published: 2025-11-13T22:15:51.280

Modified: 2026-01-09T15:32:12.113

Link: CVE-2025-47913

Redhat

Severity : Important

Publid Date: 2025-11-13T21:29:39Z

Links: CVE-2025-47913 - Bugzilla

OpenCVE Enrichment

Updated: 2025-11-14T18:27:39Z

Weaknesses

CWE-617

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object