CVE-2025-66565

CRITICAL

Fiber Utils <2.0.0-rc.3 - Info Disclosure

Description

Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (crypto/rand) fails, both functions silently fall back to returning predictable UUID values, including the zero UUID "00000000-0000-0000-0000-000000000000". The vulnerability occurs through two related but distinct failure paths, both ultimately caused by crypto/rand.Read() failures, compromising the security of all Fiber applications using these functions for security-critical operations. This issue is fixed in version 2.0.0-rc.4.
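The failure mode described above, as an added Go example (not code from gofiber/utils): a UUID generator that swallows the entropy error and returns the zero UUID, beside one that fails closed. All function names and the `failingReader` type are hypothetical, constructed here to simulate a crypto/rand failure.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// zeroUUID is the predictable value the advisory names as a fallback.
const zeroUUID = "00000000-0000-0000-0000-000000000000"

// failingReader is a constructed stand-in for a broken entropy source.
type failingReader struct{}
func (failingReader) Read([]byte) (int, error) { return 0, errors.New("entropy unavailable") }

// format sets the v4 version/variant bits and renders the canonical form.
func format(b [16]byte) string {
	b[6] = (b[6] & 0x0f) | 0x40
	b[8] = (b[8] & 0x3f) | 0x80
	return fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:16])
}

// uuidSilentFallback (hypothetical) is the flawed pattern: the read error is discarded.
func uuidSilentFallback(r io.Reader) string {
	var b [16]byte
	if _, err := io.ReadFull(r, b[:]); err != nil {
		return zeroUUID // every caller now receives the same identifier
	}
	return format(b)
}

// uuidFailClosed (hypothetical) returns the error instead of a predictable value.
func uuidFailClosed(r io.Reader) (string, error) {
	var b [16]byte
	if _, err := io.ReadFull(r, b[:]); err != nil {
		return "", fmt.Errorf("uuid: entropy source failed: %w", err)
	}
	return format(b), nil
}

// newID draws from the system CSPRNG and surfaces any failure to the caller.
func newID() (string, error) { return uuidFailClosed(rand.Reader) }

func main() {
	_, err := uuidFailClosed(failingReader{})
	fmt.Println(uuidSilentFallback(failingReader{}), "|", err)
	fmt.Println(newID())
}
```

Callers that use such identifiers as session IDs or tokens should treat the returned error as fatal for that request rather than retrying with a default value.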

Scores

CVSS v3 9.8
EPSS 0.0007
EPSS Percentile 20.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-331 CWE-252 CWE-338
Status published

Affected Products (21)

gofiber/utils < 1.2.0
... and 20 more (gofiber/utils)

Timeline

Published Dec 09, 2025
Tracked Since Feb 18, 2026