CVE-2025-47913: Potential denial of service in golang.org/x/crypto/ssh/agent

Overview

Severity

High (CVSS 7.5)

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P

Exploit Status

Not Exploited

Patch Tuesday

2025-Nov

Released

2025-11-17

Last Updated

2025-11-25

EPSS Score

0.04% (percentile: 11.8%)

Affected Products (8)

Open Source Software

• cbl2 moby-compose 2.17.3-11 on CBL Mariner 2.0
• cbl2 packer 1.9.5-15 on CBL Mariner 2.0
• azl3 kubevirt 1.5.0-5 on Azure Linux 3.0
• azl3 packer 1.9.5-10 on Azure Linux 3.0
• azl3 docker-buildx 0.14.0-7 on Azure Linux 3.0

Mariner

• azl3 docker-compose 2.27.0-5 on Azure Linux 3.0
• azl3 libcontainers-common 20240213-3 on Azure Linux 3.0
• azl3 telegraf 1.31.0-10 on Azure Linux 3.0

Revision History

• 2025-11-17: Information published.
• 2025-11-19: Information published.
• 2025-11-19: Information published.
• 2025-11-20: Information published.
• 2025-11-25: Information published.