CVE-2025-47913: golang.org/x/crypto/ssh/agent has a potential denial of service

November 14, 2025 (updated June 19, 2026)

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.

References

github.com/advisories/GHSA-56w8-48fp-6mgv
go.dev/cl/700295
go.dev/issue/75178
nvd.nist.gov/vuln/detail/CVE-2025-47913
pkg.go.dev/vuln/GO-2025-4116

Code Behaviors & Features

Detect and mitigate CVE-2025-47913 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →