CVE-2025-47913 - Vulnerability Details

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00018.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Golang Subscribe	Crypto Subscribe Ssh Subscribe

No data.

OpenCVE Enrichment is a feature of OpenCVE that uses AI to automatically link vendors and products to CVEs. Learn more on GitHub.

Vendors	Products
Golang Subscribe	Crypto Subscribe Ssh Subscribe

Advisories

No advisories yet.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://github.com/advisories/GHSA-hcg3-q754-cr77
https://go.dev/cl/700295
https://go.dev/issue/75178
https://nvd.nist.gov/vuln/detail/CVE-2025-47913
https://pkg.go.dev/vuln/GO-2025-4116
https://www.cve.org/CVERecord?id=CVE-2025-47913

History

Wed, 26 Nov 2025 00:15:00 +0000

Type	Values Removed	Values Added
References		https://nvd.nist.gov/vuln/detail/CVE-2025-47913 https://www.cve.org/CVERecord?id=CVE-2025-47913
Metrics	threat_severity `None`	threat_severity `Important`

Fri, 14 Nov 2025 09:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Golang Golang crypto Golang ssh
Vendors & Products		Golang Golang crypto Golang ssh

Thu, 13 Nov 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Thu, 13 Nov 2025 21:45:00 +0000

Type	Values Removed	Values Added
Description		SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.
Title		Potential denial of service in golang.org/x/crypto/ssh/agent
References		https://github.com/advisories/GHSA-hcg3-q754-cr77 https://go.dev/cl/700295 https://go.dev/issue/75178 https://pkg.go.dev/vuln/GO-2025-4116

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Go

Published: 2025-11-13T21:29:39.907Z

Updated: 2025-11-13T21:47:50.864Z

Reserved: 2025-05-13T23:31:29.597Z

Link: CVE-2025-47913

Vulnrichment

Updated: 2025-11-13T21:47:40.788Z

NVD

Status : Awaiting Analysis

Published: 2025-11-13T22:15:51.280

Modified: 2025-11-14T16:42:03.187

Link: CVE-2025-47913

Redhat

Severity : Important

Publid Date: 2025-11-13T21:29:39Z

Links: CVE-2025-47913 - Bugzilla

OpenCVE Enrichment

Updated: 2025-11-14T09:27:39Z

Weaknesses

No weakness.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

Projects

JSON object

JSON object

JSON object

JSON object

JSON object