CVE-2025-58188: 
cAdvisor Analisi e mitigazione delle vulnerabilità

CVE-2025-58188 is a vulnerability discovered in Go programming language that affects certificate chain validation. The vulnerability was disclosed on October 29, 2025, and affects multiple versions of Go before 1.24.8 and 1.25.2. The issue occurs when validating certificate chains containing DSA public keys, which can cause programs to panic due to an interface cast that incorrectly assumes they implement the Equal method (Ubuntu Security, Golang Announce).

The vulnerability stems from an implementation flaw in the crypto/x509 package where certificate validation code makes incorrect assumptions about DSA public keys implementing the Equal method. This affects the Certificate.Verify functionality in the crypto/x509 package. The issue has been assigned a CVSS 3.1 Base Score of 7.5 (High), indicating significant severity. The vulnerability affects Go versions before 1.24.8 and from 1.25.0 before 1.25.2 (Debian Security, Go Packages).

When exploited, this vulnerability can cause programs that validate arbitrary certificate chains to panic, potentially leading to denial of service conditions. This particularly affects applications that process certificates containing DSA public keys. The impact is primarily focused on availability, with no direct effects on confidentiality or integrity (Rapid7).

The issue has been fixed in Go versions 1.24.8 and 1.25.2. Users are strongly advised to upgrade to these versions or later. The fix was implemented through commits in the Go repository, specifically addressing the interface cast issue in the crypto/x509 package. Organizations using affected versions should prioritize updating their Go installations to the patched versions (Golang Announce).