CVE-2025-22865
Published 2025-01-28
CVE-2025-22865: Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.
Priority: P3 · 42 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 0.59% (43.6th percentile)
Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-1.15 | < golang-1.24 1.24~rc2-1 (forky) | golang-1.24 1.24~rc2-1 (forky) |
| debian | golang-1.19 | < golang-1.24 1.24~rc2-1 (forky) | golang-1.24 1.24~rc2-1 (forky) |
| debian | golang-1.24 | < golang-1.24 1.24~rc2-1 (forky) | golang-1.24 1.24~rc2-1 (forky) |
| go_standard_library | crypto_x509 | >= 1.24.0-0 < 1.24.0-rc.2 | 1.24.0-rc.2 |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| osv | 7.5 | HIGH | |
| vendor_debian | 7.5 | LOW | |
| vendor_redhat | 7.5 | HIGH | |
Red Hat
crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509
vendor_redhat·2025-01-28·CVSS 7.5
CVE-2025-22865 [HIGH] CWE-228 crypto/x509: ParsePKCS1PrivateKey panic with partial keys in crypto/x509
Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.
A flaw was found in the crypto/x509 golang library. When ParsePKCS1PrivateKey is used to parse an RSA key missing the CRT values, a panic occurs when verifying that the key is well formed.
Statement: This vulnerability affects only the Go 1.24 release candidates. Red Hat products do not utilize Go 1.24, except Red Hat Ceph Storage 8, which includes a Grafana container that uses Go 1.24 and is therefore affected by this issue.
Package: rhai-tech-preview/assisted-installer-rhel8 (Assisted Installer for Red Hat OpenShift Container Platform 2) - Not affected
Package: cryostat-tech-preview/cryos
Debian
CVE-2025-22865: golang-1.15 - Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values wou...
vendor_debian·2025·CVSS 7.5
CVE-2025-22865 [HIGH] CVE-2025-22865: golang-1.15 - Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values wou...
Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.
Scope: local
bullseye: resolved
OSV
CVE-2025-22865: Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed
osv·2025-01-28·CVSS 7.5
CVE-2025-22865 [HIGH] CVE-2025-22865: Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed
Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.
OSV
ParsePKCS1PrivateKey panic with partial keys in crypto/x509
osv·2025-01-28
CVE-2025-22865 ParsePKCS1PrivateKey panic with partial keys in crypto/x509
Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.
GHSA
GHSA-v7qx-rccr-23xm: Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed
ghsa_unreviewed·2025-01-28
CVE-2025-22865 [HIGH] GHSA-v7qx-rccr-23xm: Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed
Using ParsePKCS1PrivateKey to parse a RSA key that is missing the CRT values would panic when verifying that the key is well formed.
No detection rules found.
No public exploits indexed.
Published: 2025-01-28