CVE-2025-58181

5.3 MEDIUM

📋 TL;DR

This vulnerability in SSH servers allows attackers to cause denial of service through memory exhaustion by sending malformed GSSAPI authentication requests. It affects SSH servers using GSSAPI authentication, particularly those built with vulnerable versions of Go's crypto/ssh package. Systems with GSSAPI enabled for SSH authentication are at risk.

💻 Affected Systems

Products:
  • Go crypto/ssh package
  • Applications using Go's crypto/ssh with GSSAPI support
Versions: Go versions before 1.23.3 and 1.22.12
Operating Systems: All operating systems running affected Go applications
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when GSSAPI authentication is enabled in SSH server configuration. Most default SSH configurations do not enable GSSAPI.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete SSH service disruption due to memory exhaustion, preventing legitimate authentication and potentially affecting system stability.

🟠 Likely Case

SSH service degradation or temporary unavailability requiring service restart, impacting remote administration capabilities.

🟢 If Mitigated

Minimal impact if GSSAPI authentication is disabled or proper resource limits are configured.

🌐 Internet-Facing: MEDIUM - SSH servers exposed to the internet with GSSAPI enabled could be targeted for DoS attacks.
🏢 Internal Only: LOW - Internal attackers could disrupt SSH services, but impact is limited to denial of service.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending specially crafted SSH packets to trigger the memory allocation issue. No authentication is required to send the malformed request.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Go 1.23.3 and Go 1.22.12

Vendor Advisory: https://groups.google.com/g/golang-announce/c/w-oX3UxNcZA

Restart Required: Yes

Instructions:

1. Update Go to version 1.23.3 or 1.22.12.
2. Rebuild any applications using the crypto/ssh package.
3. Restart SSH services using the updated applications.

🔧 Temporary Workarounds

Disable GSSAPI authentication (platform: all)

Disable GSSAPI authentication in the SSH server configuration to prevent exploitation.

In sshd_config: set 'GSSAPIAuthentication no'

🧯 If You Can't Patch

  • Disable GSSAPI authentication in SSH configuration
  • Implement network controls to limit SSH access to trusted sources only

🔍 How to Verify

Check if Vulnerable:

Check if SSH server uses Go crypto/ssh package and has GSSAPI authentication enabled. Review sshd_config for 'GSSAPIAuthentication yes'.

Check Version:

go version

Verify Fix Applied:

Verify Go version is 1.23.3 or 1.22.12, and SSH services have been restarted after update.
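
`go version` reports the toolchain installed on the host, not the toolchain a deployed binary was built with. The following added example (not code from the Go project or from the advisory) reads the build toolchain embedded in a binary and compares it with the fixed releases listed on this page; the function name `isPatched`, the `fixedPatch` table, and the assumption that release lines newer than 1.23 already contain the fix are illustrative.

```go
package main

import (
	"debug/buildinfo"
	"fmt"
	"os"
	"strconv"
	"strings"
)

// fixedPatch maps a Go 1.x release line to the first patched release named
// on this page (Go 1.22.12 and Go 1.23.3).
var fixedPatch = map[int]int{22: 12, 23: 3}

// isPatched reports whether a toolchain string such as "go1.23.2" is at or
// above the fixed release for its line. Assumptions: lines newer than 1.23
// contain the fix, older lines never received it, and anything that does not
// parse (devel builds, release candidates) is treated as unpatched.
func isPatched(goVersion string) bool {
	fields := strings.Fields(goVersion) // drops suffixes like " X:boringcrypto"
	if len(fields) == 0 || !strings.HasPrefix(fields[0], "go1.") {
		return false
	}
	parts := strings.SplitN(strings.TrimPrefix(fields[0], "go1."), ".", 2)
	minor, err := strconv.Atoi(parts[0])
	if err != nil {
		return false
	}
	patch := 0 // "go1.22" carries no patch component
	if len(parts) == 2 {
		if patch, err = strconv.Atoi(parts[1]); err != nil {
			return false
		}
	}
	if need, ok := fixedPatch[minor]; ok {
		return patch >= need
	}
	return minor > 23
}

func main() {
	// Usage: go run check.go /path/to/ssh-server-binary ...
	for _, path := range os.Args[1:] {
		info, err := buildinfo.ReadFile(path)
		if err != nil {
			fmt.Printf("%s: not a readable Go binary: %v\n", path, err)
			continue
		}
		fmt.Printf("%s: built with %s, patched=%v\n", path, info.GoVersion, isPatched(info.GoVersion))
	}
}
```

Run it against each deployed server binary after the rebuild; a binary that still reports an older toolchain was not rebuilt, whatever `go version` says on the build host.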

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed GSSAPI authentication attempts
  • SSH service crashes or restarts
  • High memory usage by SSH processes

Network Indicators:

  • Unusual volume of SSH connection attempts with GSSAPI negotiation
  • Malformed SSH packets targeting port 22

SIEM Query:

source="sshd" AND ("GSSAPI" OR "authentication failure") | stats count by src_ip
