What is the CVSS score of CVE-2025-58190?

CVE-2025-58190 has a CVSS 3.1 base score of 5.3 (Medium). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L. EPSS exploitation probability: 0.0%.

Which versions of Golang are affected by CVE-2025-58190?

CVE-2025-58190 presents moderate security risk rated CVSS 5.3. Exploitation could compromise the security of affected deployments. Proof-of-concept code is publicly available.. A patch is available.

Is there a public PoC exploit available for CVE-2025-58190?

Yes, a public proof-of-concept exploit is available for CVE-2025-58190. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-58190?

Within 30 days: Identify affected systems and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Golang CVE-2025-58190

MEDIUM

Loop with Unreachable Exit Condition (Infinite Loop) (CWE-835)

2026-02-05 security@golang.org

Denial Of Service Golang Red Hat Html Suse

5.3

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Analysis Generated

Mar 12, 2026 - 21:55 vuln.today

PoC Detected

Feb 18, 2026 - 17:46 vuln.today

Public exploit code

Patch released

Feb 18, 2026 - 17:46 nvd

Patch available

CVE Published

Feb 05, 2026 - 18:16 nvd

MEDIUM 5.3

DescriptionNVD

The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.

AnalysisAI

Technical ContextAI

Classified as CWE-835 (Loop with Unreachable Exit Condition (Infinite Loop)). Affects Html. The html.Parse function in golang.org/x/net/html has an infinite parsing loop when processing certain inputs, which can lead to denial of service (DoS) if an attacker provides specially crafted HTML content.