🟠 High  |  Source: Microsoft Security Response Center


CVE-2025-58188 is a vulnerability in Go’s crypto/x509 package that causes a panic (crash) when parsing or validating certificates containing DSA public keys. This can result in a denial-of-service condition in any application or service that processes untrusted certificates using Go’s standard library. Services running on Azure or elsewhere that handle TLS certificate validation or PKI operations in Go may be affected.

Security Architect’s Take: Audit your Azure workloads and container images for Go-based services that perform certificate validation — particularly any that accept externally supplied certificates. Prioritise updating affected Go runtimes to the patched version and review any API gateways, service meshes, or certificate management tooling built on Go.

Original advisory: CVE-2025-58188 Panic when validating certificates with DSA public keys in crypto/x509