CVE-2025-47913

Aliases: GO-2025-4116, GHSA-56w8-48fp-6mgv
Analyzed
Published: 13 Nov 2025, 21:29
Last modified: 16 Dec 2025, 16:43

Vulnerability Summary

Overall Risk (default)
medium
40/100
CVSS Score
7.5 HIGH
v3.1 (cve.org)
EPSS Score
0.02% LOW
0% probability -0.01%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected

Timeline

13 Nov 2025, 21:29
Published
Vulnerability first disclosed
16 Dec 2025, 16:43
Last Modified
Vulnerability information updated

Description

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.

CVSS Metrics

  • v3.1, HIGH, Score: 7.5, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.02% Percentile: 5%

Techniques & Countermeasures

  • CWE-617: Reachable Assertion

    The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

Affected Systems

  • gossh

    < 0.43.0

  • golang.org/xcrypto

    < 0.43.0

  • golang.org/x/crypto, golang.org/x/crypto/ssh/agent

    < 0.43.0

References (4)