
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-58188 is a security vulnerability in Go's crypto/x509 package that affects versions prior to 1.25.2 and 1.24.8. The vulnerability was discovered by Jakub Ciolek and publicly disclosed on October 7, 2025. The issue affects programs that validate certificate chains containing DSA public keys, causing them to panic due to an incorrect interface cast assumption (Golang Announce).
The vulnerability occurs in the crypto/x509 package when validating certificate chains that contain DSA public keys. The root cause is an interface cast that incorrectly assumes the implementation of the Equal method. This assumption leads to a panic condition when processing certificates with DSA public keys. The issue has been assigned a medium priority by Ubuntu and affects multiple versions of the Go programming language (Ubuntu Security).
When exploited, this vulnerability causes programs that validate arbitrary certificate chains to panic, potentially leading to denial of service conditions. The impact is particularly significant for applications that process certificates from untrusted sources or validate certificate chains as part of their security infrastructure (Golang Announce).
The vulnerability has been fixed in Go versions 1.25.2 and 1.24.8. Users are strongly advised to upgrade to these versions or later. The fix was implemented through commits 930ce220d052d632f0d84df5850c812a77b70175 (go1.25.2) and f9f198ab05e3282cbf6b13251d47d9141981e401 (go1.24.8) (Golang Announce).
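The following Go sketch is an added example, not code from the Go project or from this advisory. It checks a toolchain version string against the fixed releases named above and flags certificates in a chain that carry DSA public keys, so such chains can be rejected or logged before verification on builds that cannot be upgraded yet. The function names are hypothetical, and it assumes release lines after 1.25 include the fix.

```go
package main

import (
	"crypto/dsa"
	"crypto/x509"
	"fmt"
	"runtime"
)

// affected reports whether a Go toolchain version string such as "go1.24.7"
// predates the fixed releases named in the advisory (1.24.8 and 1.25.2).
// Assumption: release lines after 1.25 ship with the fix included.
func affected(goVersion string) (bool, error) {
	var minor, patch int
	// Pre-releases like "go1.25rc1" fill only minor; patch stays 0.
	if n, _ := fmt.Sscanf(goVersion, "go1.%d.%d", &minor, &patch); n == 0 {
		return false, fmt.Errorf("unrecognized Go version %q", goVersion)
	}
	switch {
	case minor >= 26:
		return false, nil
	case minor == 25:
		return patch < 2, nil
	case minor == 24:
		return patch < 8, nil
	default: // older lines are "prior to" both fixed releases
		return true, nil
	}
}

// runningToolchainAffected checks the toolchain this binary was built with.
func runningToolchainAffected() (bool, error) { return affected(runtime.Version()) }

// dsaKeyIndexes returns the positions of certificates carrying a DSA public
// key, the input the advisory says triggers the panic during verification.
func dsaKeyIndexes(chain []*x509.Certificate) []int {
	var idx []int
	for i, c := range chain {
		_, isDSA := c.PublicKey.(*dsa.PublicKey)
		if isDSA || c.PublicKeyAlgorithm == x509.DSA {
			idx = append(idx, i)
		}
	}
	return idx
}

func main() {
	hit, err := runningToolchainAffected()
	fmt.Println("toolchain:", runtime.Version(), "affected:", hit, "err:", err)
}
```

Pre-screening is a stopgap for services that accept certificates from untrusted sources; upgrading to a fixed release remains the remedy the advisory gives.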
Source: This report was generated using AI