CVE-2025-22869

HIGH

go/ssh < 0.35.0 - Denial of Service via Slow Key Exchange

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-22869. PoCs published by sempernow.

AI-analyzed exploit summary The repository contains standard project files (GitHub workflows, issue templates, contributing guidelines) but no exploit code or technical details related to CVE-2025-22869. It appears to be a placeholder or unrelated project.

Description

SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.

Exploits (1)

gitlab STUB

by sempernow · poc

https://gitlab.com/sempernow/age

View Code ZIP pw:eip

The repository contains standard project files (GitHub workflows, issue templates, contributing guidelines) but no exploit code or technical details related to CVE-2025-22869. It appears to be a placeholder or unrelated project.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: age (unknown version)

No auth needed

Prerequisites: none

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (4)

Core 4

Core References

Patch

https://go.dev/cl/652135

Issue Tracking, Patch

https://go.dev/issue/71931

Vendor Advisory

https://pkg.go.dev/vuln/GO-2025-3487

Third Party Advisory

https://security.netapp.com/advisory/ntap-20250411-0010/

Scores

CVSS v3 7.5

EPSS 0.0087

EPSS Percentile 53.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-770

Status published

Products (2)

go/ssh < 0.35.0

x/crypto 0 - 0.35.0Go

Published Feb 26, 2025

Tracked Since Feb 18, 2026