CVE-2025-47914: 
cAdvisor vulnerability analysis and mitigation

A vulnerability was discovered in SSH Agent servers within the golang.org/x/crypto/ssh/agent package, identified as CVE-2025-47914. The vulnerability was reported by Jakub Ciolek and publicly disclosed on November 19, 2025. The issue affects SSH Agent servers that fail to validate message sizes during the processing of new identity requests (Go Project, NVD).

The vulnerability is classified as an Out-of-bounds Read (CWE-125) with a CVSS v3.1 base score of 5.3 (Medium). The attack vector is network-based, with low attack complexity and requires no privileges or user interaction. The vulnerability has a scope rated as unchanged, with no impact on confidentiality or integrity, but does affect availability (NVD, Ubuntu).

When exploited, this vulnerability can cause the program to panic if a malformed message is received, potentially leading to a denial of service condition. The impact is primarily focused on availability, with no direct effects on system confidentiality or integrity (NVD).

The vulnerability has been fixed in golang.org/x/crypto version v0.45.0. Users are advised to upgrade to this version or later to address the security issue. The fix was implemented through a commit in the golang/crypto repository (Go Project).