CVE-2025-61729

EUVD-2025-200318, HIGH 7.5 (CVSS 3.1), 2025-12-02

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 15, 2026 - 14:04 (vuln.today)
EUVD ID Assigned: Mar 15, 2026 - 14:04 (euvd), EUVD-2025-200318
Patch Released: Mar 15, 2026 - 14:04 (nvd), patch available
CVE Published: Dec 02, 2025 - 19:15 (nvd), HIGH 7.5

Description

Within HostnameError.Error(), when constructing an error string, there is no limit to the number of hosts that will be printed out. Furthermore, the error string is constructed by repeated string concatenation, leading to quadratic runtime. Therefore, a certificate provided by a malicious actor can result in excessive resource consumption.

Technical Context

This vulnerability is classified as Improper Certificate Validation (CWE-295).

Affected Products

Affected products: Golang Go

Remediation

A vendor patch is available. Apply it as soon as possible and verify the fix.

Priority Score

38 (KEV: 0, EPSS: +0.0, CVSS: +38, POC: 0)

Vendor Status

Ubuntu

Priority: Medium
golang-1.24
Release   Status        Version
questing  needs-triage  -
upstream  needs-triage  -
plucky    ignored       end of life, was needs-triage
jammy     needs-triage  -
noble     needs-triage  -

golang-1.25
Release   Status        Version
jammy     DNE           -
noble     DNE           -
plucky    DNE           -
questing  needs-triage  -
upstream  needs-triage  -

Debian

Bug #1121848
golang-1.15
Release     Status      Fixed Version      Urgency
bullseye    vulnerable  1.15.15-1~deb11u4  -
(unstable)  fixed       (unfixed)          -

golang-1.19
Release     Status      Fixed Version      Urgency
bookworm    vulnerable  1.19.8-2           -
(unstable)  fixed       (unfixed)          -

golang-1.24
Release     Status      Fixed Version      Urgency
trixie      vulnerable  1.24.4-1           -
forky, sid  fixed       1.24.13-2          -
(unstable)  fixed       1.24.12-1          -

golang-1.25
Release     Status      Fixed Version      Urgency
forky, sid  fixed       1.25.8-1           -
(unstable)  fixed       1.25.6-1           -
