CVE-2025-54801: 
Wolfi vulnerability analysis and mitigation

CVE-2025-54801 is a high-severity vulnerability discovered in Fiber's Ctx.BodyParser functionality. The vulnerability affects the parsing of form data containing large numeric keys representing slice indices. This security flaw was identified in version 2.52.8 of github.com/gofiber/fiber/v2 and has been patched in version 2.52.9 (GitHub Advisory).

The vulnerability occurs when the decoder attempts to allocate a slice of length idx + 1 without validating whether the index is within a safe or reasonable range. When processing form data with extremely large numeric keys (e.g., test.18446744073704), the application crashes due to an out-of-bounds slice allocation in the underlying schema decoder. The vulnerability has been assigned a CVSS v4 score of 8.7, indicating high severity, with the vector string CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N (GitHub Advisory).

The vulnerability can lead to application panic or crash when processing malicious or malformed input. This can result in a denial of service (DoS) through memory exhaustion or server crash. The lack of defensive checks in the parsing code causes system instability (GitHub Advisory).

The recommended mitigation is to upgrade to version 2.52.9 or later of github.com/gofiber/fiber/v2, which contains the patch for this vulnerability (GitHub Advisory).