CVE-2025-22865
HIGH7.5EPSS 0.07%ParsePKCS1PrivateKey panic with partial keys in crypto/x509
Published: 1/28/2025Modified: 4/28/2026
Description
Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.
Affected packages (3)
- Bitnami/golang>= 1.24.0-0, < 1.24.0-rc.2
- Debian/golang-1.24from 0, < 1.24~rc2-1
- Go/stdlib>= 1.24.0-0, < 1.24.0-rc.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |