CVE-2025-13353: gokey allows secret recovery from a seed file without the master password

December 2, 2025

In gokey versions <0.2.0, a flaw in the seed decryption logic resulted in passwords incorrectly being derived solely from the initial vector and the AES-GCM authentication tag of the key seed.

This issue has been fixed in gokey version 0.2.0. This is a breaking change. The fix has invalidated any passwords/secrets that were derived from the seed file (using the -s option). Even if the input seed file stays the same, version 0.2.0 gokey will generate different secrets.

References

github.com/advisories/GHSA-69jw-4jj8-fcxm
github.com/cloudflare/gokey
github.com/cloudflare/gokey/commit/f261819e99ea169843bd5aa3e643d046260ff511
github.com/cloudflare/gokey/security/advisories/GHSA-69jw-4jj8-fcxm
nvd.nist.gov/vuln/detail/CVE-2025-13353

Code Behaviors & Features

Detect and mitigate CVE-2025-13353 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →