What is the CVSS score of CVE-2025-65637?

CVE-2025-65637 has a CVSS 3.1 base score of 7.5 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.0%.

Which versions of Ubuntu are affected by CVE-2025-65637?

A denial-of-service vulnerability in the Logrus logging library could render applications unavailable if they process large log payloads without newline characters.. A patch is available.

Is there a public PoC exploit available for CVE-2025-65637?

Yes, a public proof-of-concept exploit is available for CVE-2025-65637. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-65637?

Within 24 hours: Identify all applications and services using Logrus versions 1.8.x (prior to 1.8.3), 1.9.0, or 1.9.2 through dependency scanning. Within 7 days: Upgrade to patched versions (1.8.3, 1.9.1, or 1.9.3+) and conduct testing in non-production environments. Within 30 days: Deploy patched versions to all production systems and verify successful application startup and logging functionality.

Ubuntu CVE-2025-65637

EUVD-2025-201258 HIGH

Uncontrolled Resource Consumption (CWE-400)

2025-12-04 cve@mitre.org

GHSA-4f99-4q7p-p3gh

Denial Of Service Ubuntu Debian Logrus Red Hat Suse

7.5

CVSS 3.1 · NVD

Severity by source

NVD PRIMARY

7.5 HIGH

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Ubuntu

MEDIUM

qualitative

SUSE

HIGH

qualitative

Red Hat

7.5 MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

EUVD ID Assigned

Mar 15, 2026 - 16:35 euvd

EUVD-2025-201258

Analysis Generated

Mar 15, 2026 - 16:35 vuln.today

Patch released

Mar 15, 2026 - 16:35 nvd

Patch available

PoC Detected

Dec 23, 2025 - 00:26 vuln.today

Public exploit code

CVE Published

Dec 04, 2025 - 19:16 nvd

HIGH 7.5

DescriptionCVE.org

A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.

Analysis

Technical ContextAI

A denial of service vulnerability allows an attacker to disrupt the normal functioning of a system, making it unavailable to legitimate users. This vulnerability is classified as Uncontrolled Resource Consumption (CWE-400).

RemediationAI

A vendor patch is available — apply it immediately. Implement rate limiting and input validation. Use timeout mechanisms for resource-intensive operations. Deploy DDoS protection where applicable.

Vendor StatusVendor

Ubuntu

Priority: Medium

golang-logrus

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
questing	needs-triage	-
upstream	released	1.9.3-1
plucky	ignored	end of life, was needs-triage

Debian

golang-logrus

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	1.7.0-2	-
bookworm, trixie	vulnerable	1.9.0-1	-
forky, sid	fixed	1.9.3-1	-
(unstable)	fixed	1.9.3-1	-

SUSE

Severity: High

Product	Status
SUSE Liberty Linux 8	Fixed

CVE-2025-65637 vulnerability details – vuln.today

Back

Ubuntu CVE-2025-65637

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Technical ContextAI

RemediationAI

Vendor StatusVendor

Ubuntu

Debian

SUSE

Share

External POC / Exploit Code