CVE-2025-58188: 
cAdvisor Analyse et atténuation des vulnérabilités

CVE-2025-58188 is a vulnerability discovered in the Go programming language's crypto/x509 package that affects certificate chain validation. The vulnerability was disclosed on October 29, 2025, and affects Go versions before 1.24.8 and from 1.25.0 before 1.25.2. The issue occurs when validating certificate chains containing DSA public keys, where an interface cast incorrectly assumes the implementation of the Equal method (Go Packages, Ubuntu Security).

The vulnerability stems from an implementation flaw in the crypto/x509 package where certificate validation code performs an interface cast that assumes DSA public keys implement the Equal method. This assumption leads to a panic condition when processing certificate chains containing DSA public keys. The vulnerability has been assigned a CVSS v3.1 Base Score of 7.5 (High), with an attack vector of Network, low attack complexity, no privileges required, and no user interaction needed (Rapid7).

When exploited, this vulnerability causes programs that validate arbitrary certificate chains to panic, leading to a denial of service condition. The impact is primarily focused on availability, with no direct effect on confidentiality or integrity of the system (Golang Announce).

The vulnerability has been fixed in Go versions 1.24.8 and 1.25.2. Users are advised to upgrade to these patched versions. The fix was implemented through commits in the Go repository. For Go 1.25.x, users should upgrade to version 1.25.2, and for Go 1.24.x, users should upgrade to version 1.24.8 (Golang Announce).