CVE-2025-58190

Summary

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

Affected Software

VendorProductVersion RangeStatus
golang.org/x/netgolang.org/x/net/html0 < 0.45.0affected

Weaknesses

  • CWE-835: Loop with Unreachable Exit Condition

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References