CVE-2025-61725
Published: 2025-10-29
Priority: P3 (39), high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 0.61% (44.8th percentile)
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
Affected
26 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-1.15 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| debian | golang-1.19 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| debian | golang-1.24 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| debian | golang-1.25 | < golang-1.24 1.24.8-1 (forky) | golang-1.24 1.24.8-1 (forky) |
| github.com | open-feature_flagd_core | >= 0 < 0.13.1 | 0.13.1 |
| github.com | open-feature_flagd_flagd | >= 0 < 0.13.1 | 0.13.1 |
| github.com | open-feature_flagd_flagd-proxy | >= 0 < 0.8.2 | 0.8.2 |
| go_standard_library | net_mail | < 1.24.8 | 1.24.8 |
| go_standard_library | net_mail | >= 1.25.0 < 1.25.2 | 1.25.2 |
| msrc | azl3_gcc_13.2.0-7_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.23.12-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.25.3-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.25.5-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.25.6-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.25.7-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.25.8-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_golang_1.26.0-1_on_azure_linux_3.0 | — | — |
| msrc | azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0 | — | — |
| msrc | azl3_tensorflow_2.16.1-9_on_azure_linux_3.0 | — | — |
| msrc | cbl2_gcc_11.2.0-8_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_golang_1.18.8-10_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_golang_1.22.7-5_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_msft-golang_1.24.8-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_msft-golang_1.24.9-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_python-tensorboard_2.11.0-3_on_cbl_mariner_2.0 | — | — |
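CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| ghsa | — | 7.0 | HIGH | — |
| osv | — | 7.5 | HIGH | — |
| vendor_debian | — | 7.5 | HIGH | — |
| vendor_redhat | — | 7.5 | HIGH | — |
| vendor_msrc | — | 6.5 | MEDIUM | — |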
Red Hat
net/mail: Excessive CPU consumption in ParseAddress in net/mail
vendor_redhat·2025-10-29·CVSS 7.5
CVE-2025-61725 [HIGH] CWE-770 net/mail: Excessive CPU consumption in ParseAddress in net/mail
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
A denial of service vulnerability has been discovered in the golang net/mail module. The ParseAddress function constructed domain-literal address components through repeated string concatenation, which, when parsing large domain-literal components, could cause excessive CPU consumption.
Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Pa
Microsoft
Excessive CPU consumption in ParseAddress in net/mail
vendor_msrc·2025-10-14·CVSS 6.5
CVE-2025-61725 [HIGH] Excessive CPU consumption in ParseAddress in net/mail
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Go: Go
Customer Action Required: Yes
Debian
CVE-2025-61725: golang-1.15 - The ParseAddress function constructs domain-literal address components through r...
vendor_debian·2025·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725: golang-1.15 - The ParseAddress function constructs domain-literal address components through r...
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
Scope: local
bullseye: open
GHSA
flagd: Multiple Go Runtime CVEs Impact Security and Availability
ghsa·2026-01-05·CVSS 7.0
CVE-2025-47907 [HIGH] CWE-20 flagd: Multiple Go Runtime CVEs Impact Security and Availability
### Summary
In 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd (the evaluation engine for OpenFeature). These CVEs primarily focus on Denial of Service (DoS) through resource exhaustion and Race Conditions in database handling.
| CVE ID | Impacted Package | Severity | Description & Impact on flagd |
| -- | -- | -- | -- |
| CVE-2025-47907 | database/sql | 7.0 (High) | Race Condition: Canceling a query during a Scan call can return data from the wrong query. Critical if flagd uses SQL-based sync providers (e.g., Postgres), potentially leading to incorrect flag configurations. |
| CVE-2025-61725 | net/mail | 7.5 (High) | DoS: Inefficient complexity in ParseAdd
OSV
flagd: Multiple Go Runtime CVEs Impact Security and Availability
osv·2026-01-05·CVSS 7.0
CVE-2025-47907 [HIGH] flagd: Multiple Go Runtime CVEs Impact Security and Availability
GHSA
GHSA-qh38-484v-w52x: The ParseAddress function constructs domain-literal address components through repeated string concatenation
ghsa_unreviewed·2025-10-30
CVE-2025-61725 [HIGH] GHSA-qh38-484v-w52x: The ParseAddress function constructs domain-literal address components through repeated string concatenation
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
OSV
CVE-2025-61725: The ParseAddress function constructs domain-literal address components through repeated string concatenation
osv·2025-10-29·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725: The ParseAddress function constructs domain-literal address components through repeated string concatenation
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
OSV
Excessive CPU consumption in ParseAddress in net/mail
osv·2025-10-29
CVE-2025-61725 Excessive CPU consumption in ParseAddress in net/mail
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2025-61725 cri-o1.30: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 cri-o1.30: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Disclaimer: Community trackers are created by Red Hat Product Security team on a best effort basis. Package maintainers are required to ascertain if the flaw indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability management information. If something is wrong or missing, please contact a member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essential+Documents+for+Engineering+Teams
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-61725 cri-o1.31: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 cri-o1.31: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-61725 golang-github-haproxytech-dataplaneapi: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 golang-github-haproxytech-dataplaneapi: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-61725 kubernetes1.29: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 kubernetes1.29: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-61725 meshbird: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 meshbird: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all b
Bugzilla
CVE-2025-61725 image-builder: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 image-builder: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-61725 golang-github-letsencrypt-pebble: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 golang-github-letsencrypt-pebble: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora
Bugzilla
CVE-2025-61725 forgejo: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 forgejo: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bu
Bugzilla
CVE-2025-61725 podman: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 podman: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
Bugzilla
CVE-2025-61725 docker-distribution: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 docker-distribution: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
Discussion:
golang fixed in 1.25.2
Bugzilla
CVE-2025-61725 matterbridge: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 matterbridge: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close a
Bugzilla
CVE-2025-61725 reposurgeon: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 reposurgeon: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close al
Bugzilla
CVE-2025-61725 osbuild-composer: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 osbuild-composer: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clo
Bugzilla
CVE-2025-61725 ignition: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 ignition: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all b
Bugzilla
CVE-2025-61725 hut: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 hut: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
Discussion:
FEDORA-2026-ed208f5337 (hut-0.8.0-1.fc44) has been submitted as an update to Fedora 44.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-ed208f5337
---
FEDORA-2026-32113d4817 (hut-0.8.0-1.fc43) ha
Bugzilla
CVE-2025-61725 grafana: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 grafana: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bu
Bugzilla
CVE-2025-61725 golang-k8s-kube-openapi: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 golang-k8s-kube-openapi: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61725 golang-google-appengine: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 golang-google-appengine: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy
Bugzilla
CVE-2025-61725 golang-github-haproxytech-client-native: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 golang-github-haproxytech-client-native: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is
Bugzilla
CVE-2025-61725 golang-k8s-apiextensions-apiserver: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 golang-k8s-apiextensions-apiserver: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedo
Bugzilla
CVE-2025-61725 snapd: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 snapd: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-61725 cri-o1.29: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 cri-o1.29: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-61725 docker-distribution: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 docker-distribution: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
golang fixed in 1.25.2
Bugzilla
CVE-2025-61725 cri-o: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 cri-o: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug
Bugzilla
CVE-2025-61725 kubernetes1.30: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 kubernetes1.30: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close
Bugzilla
CVE-2025-61725 gvisor-tap-vsock: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 gvisor-tap-vsock: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
I don’t think we parse email addresses, but it will be fixed anyway by rebuilding gvisor-tap-vsock with a fixed go version
https://pkg.go.dev/vuln/GO-2025-4006
---
This message is a remi
Bugzilla
CVE-2025-61725 opentofu: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 opentofu: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all b
Bugzilla
CVE-2025-61725 hut: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 hut: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug re
Bugzilla
CVE-2025-61725 aerc: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 aerc: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all bug r
Bugzilla
CVE-2025-61725 golang-github-moby-swarmkit-2: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 golang-github-moby-swarmkit-2: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's
Bugzilla
CVE-2025-61725 kata-containers: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 kata-containers: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to clos
Bugzilla
CVE-2025-61725 trivy: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 trivy: Excessive CPU consumption in ParseAddress in net/mail [fedora-43]
Discussion:
FEDORA-2026-868e266938 (trivy-0.69.3-1.fc43) has been submitted as an update to Fedora 43.
https://bodhi.fedoraproject.org/updates/FEDORA-2026-868e266938
---
FEDORA-2026-868e266938 has been pushed
Bugzilla
CVE-2025-61725 golang-github-opencontainers-runtime-tools: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 golang-github-opencontainers-runtime-tools: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It
Bugzilla
CVE-2025-61725 smtprelay: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
bugzilla·2025-10-30·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 smtprelay: Excessive CPU consumption in ParseAddress in net/mail [fedora-42]
Discussion:
This message is a reminder that Fedora Linux 42 is nearing its end of life.
Fedora will stop maintaining and issuing updates for Fedora Linux 42 on 2026-05-13.
It is Fedora's policy to close all
Bugzilla
CVE-2025-61725 net/mail: Excessive CPU consumption in ParseAddress in net/mail
bugzilla·2025-10-29·CVSS 7.5
CVE-2025-61725 [HIGH] CVE-2025-61725 net/mail: Excessive CPU consumption in ParseAddress in net/mail
The ParseAddress function constructs domain-literal address components through repeated string concatenation. When parsing large domain-literal components, this can cause excessive CPU consumption.
Wiz
GHSA-4c5f-9mj4-m247 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 7.0
CVE-2025-47907 [HIGH] GHSA-4c5f-9mj4-m247 Impact, Exploitability, and Mitigation Steps | Wiz
## GHSA-4c5f-9mj4-m247: vulnerability analysis and mitigation
## Summary
In 2025, several vulnerabilities in the Go Standard Library were disclosed, impacting Go-based applications like flagd (the evaluation engine for OpenFeature). These CVEs primarily focus on Denial of Service (DoS) through resource exhaustion and Race Conditions in database handling.
| CVE | Package | CVSS | Description |
|---|---|---|---|
| CVE-2025-47907 | database/sql | 7.0 (High) | Race Condition: Canceling a query during a Scan call can return data from the wrong query. Critical if flagd uses SQL-based sync providers (e.g., Postgres), potentially leading to incorrect flag configurations. |
| CVE-2025-61725 | net/mail | 7.5 (High) | DoS: Inefficient complexity in ParseAddress. Attackers can provide crafted email strings with large domain literals to exhaust CPU if flagd parse |
Published: 2025-10-29