🟠 High | Source: Microsoft Security Response Center
CVE-2025-61724 is a vulnerability in Go’s standard library, specifically in the net/textproto package, where the Reader.ReadResponse function can be exploited to cause excessive CPU consumption. This is a denial-of-service class vulnerability that could allow an attacker to degrade or exhaust service availability in applications built with affected versions of Go. Microsoft has flagged this as relevant to Azure services or components that rely on Go-based workloads.
Security Architect’s Take: Audit your Azure-hosted workloads and container images for Go applications using the net/textproto package, and prioritise upgrading to a patched Go runtime version. Pay particular attention to internet-facing HTTP services or proxies where an unauthenticated attacker could craft malicious responses to trigger excessive CPU usage.
Original advisory: CVE-2025-61724 Excessive CPU consumption in Reader.ReadResponse in net/textproto