CVE-2025-65637

7.5 HIGH

📋 TL;DR

A denial-of-service vulnerability in the logrus logging library allows attackers to crash applications by logging single-line payloads larger than 64KB without newline characters. This affects applications using Entry.Writer() in vulnerable versions, causing the writer pipe to close and making logging unavailable. The vulnerability impacts all applications using affected logrus versions in their Go projects.

💻 Affected Systems

Products:
  • github.com/sirupsen/logrus
Versions: < 1.8.3, 1.9.0, and 1.9.2
Operating Systems: All operating systems running Go applications
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications using Entry.Writer() method with large single-line payloads. Standard logging methods are not vulnerable.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Application becomes completely unavailable due to logging subsystem failure, requiring restart to recover functionality.

🟠 Likely Case

Application logging stops working, potentially causing cascading failures in dependent systems or making debugging impossible.

🟢 If Mitigated

Application continues to function with degraded logging capability, but core functionality remains operational.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires ability to control log input content. Public proof-of-concept demonstrates reliable DoS.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.8.3, 1.9.1, or 1.9.3+

Vendor Advisory: https://github.com/sirupsen/logrus/releases/tag/v1.8.3

Restart Required: Yes

Instructions:

1. Update go.mod to require logrus >= 1.8.3, 1.9.1, or >= 1.9.3.
2. Run 'go mod tidy'.
3. Rebuild and redeploy application.
4. Restart all affected services.

🔧 Temporary Workarounds

Input validation and truncation (applies to: all)

Add middleware or a wrapper that validates and truncates log entries before passing them to Entry.Writer():

// Go code example: keep each single-line entry below the scanner's 64KB token limit
if len(logEntry) > 65535 {
    logEntry = logEntry[:65535]
}

Avoid Entry.Writer() for untrusted input (applies to: all)

Use alternative logging methods that do not go through Entry.Writer() for user-controlled content:

// Use logrus.StandardLogger() or direct logging methods (e.g. logger.Info) instead
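As an added example (not code from this advisory or from the logrus project), the truncation workaround above applied at the io.Writer level: a wrapper that assumes you hand it the writer returned by logrus.Entry.Writer() as Dst, and that splits any over-long line into newline-terminated chunks instead of cutting it off, so nothing is lost and the scanner's 64KB single-line limit is never hit. The bytes.Buffer sink and the 100 KiB payload are constructed stand-ins so it runs offline.

```go
package main

import (
	"bytes"
	"fmt"
	"io"
	"strings"
)

// Entry.Writer()'s bufio.Scanner buffer caps at 64 KiB and must also hold the '\n'.
const MaxLineLen = 64*1024 - 1
// LineLimiter wraps an io.Writer (e.g. logrus.Entry.Writer()'s) so it never gets
// a line longer than Limit bytes; over-long lines are split, not dropped.
type LineLimiter struct {
	Dst   io.Writer
	Limit int
	cur   int // bytes already forwarded on the current, unterminated line
}

func (l *LineLimiter) Write(p []byte) (int, error) {
	n := 0
	for len(p) > 0 {
		room := l.Limit - l.cur
		nl := bytes.IndexByte(p, '\n')
		consumed, forceBreak := 0, false
		switch {
		case nl >= 0 && nl <= room: // line ends within budget: pass it through
			consumed, l.cur = nl+1, 0
		case len(p) <= room: // partial line still fits: keep counting
			consumed, l.cur = len(p), l.cur+len(p)
		default: // would exceed the limit: forward what fits, then force a break
			consumed, l.cur, forceBreak = room, 0, true
		}
		chunk := p[:consumed]
		if forceBreak {
			chunk = append(append([]byte{}, chunk...), '\n')
		}
		if _, err := l.Dst.Write(chunk); err != nil {
			return n, err
		}
		n, p = n+consumed, p[consumed:]
	}
	return n, nil
}

func main() {
	var sink bytes.Buffer // constructed stand-in for logrus.Entry.Writer()
	w := &LineLimiter{Dst: &sink, Limit: MaxLineLen}
	fmt.Fprintln(w, strings.Repeat("A", 100*1024)) // constructed 100 KiB line
	fmt.Println("lines forwarded:", strings.Count(sink.String(), "\n")) // 2
}
```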

🧯 If You Can't Patch

  • Implement strict input validation to reject log entries larger than 64KB
  • Deploy application behind WAF with payload size limits and anomaly detection

🔍 How to Verify

Check if Vulnerable:

Check go.mod or vendor directory for logrus version. Run: grep -r 'sirupsen/logrus' go.mod

Check Version:

go list -m github.com/sirupsen/logrus

Verify Fix Applied:

Verify updated version in go.mod and test logging with large single-line payloads

📡 Detection & Monitoring

Log Indicators:

  • 'token too long' errors in application logs
  • Sudden cessation of logging output
  • Application crashes or restarts

Network Indicators:

  • Unusual large payloads to logging endpoints
  • Increased error rates in monitoring

SIEM Query:

source="application.logs" AND ("token too long" OR "bufio.Scanner: token too long")
