CVE-2025-11065: go-viper's mapstructure May Leak Sensitive Information in Logs When Processing Malformed Data
Using this library in a security-critical context may leak sensitive information if it is used to process sensitive fields.
References
- access.redhat.com/security/cve/CVE-2025-11065
- bugzilla.redhat.com/show_bug.cgi?id=2391829
- github.com/advisories/GHSA-2464-8j7c-4cjm
- github.com/go-viper/mapstructure
- github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c
- github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm
- nvd.nist.gov/vuln/detail/CVE-2025-11065
- pkg.go.dev/vuln/GO-2025-3900