CVE-2025-61723: 
Linux Debian vulnerability analysis and mitigation

CVE-2025-61723 is a security vulnerability discovered in Go programming language's encoding/pem package. The vulnerability affects Go versions prior to 1.25.2 and 1.24.8, where the PEM parsing function exhibits quadratic complexity when processing certain invalid inputs. This vulnerability was reported by Jakub Ciolek and was addressed in the October 2025 security updates (Go Announce, OSS Security).

The vulnerability stems from the design of the PEM parsing function, where the processing time for certain inputs scales non-linearly with respect to the input size. This creates a potential denial of service vector when parsing untrusted PEM inputs. The issue was tracked internally as Go issue #75676 and has been assigned a CVE identifier of CVE-2025-61723 (Go Issue).

This vulnerability affects programs that parse untrusted PEM inputs, potentially leading to excessive CPU consumption and degraded performance. The non-linear scaling of processing time could be exploited by attackers to create denial of service conditions in affected applications (Go Announce).

The vulnerability has been fixed in Go versions 1.25.2 and 1.24.8. Users are strongly recommended to upgrade to these versions or later to address the security issue. The fix was released as part of a larger security update that addressed multiple vulnerabilities (Go Announce).