Description

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.

INFO

Published Date :

2026-01-26T19:36:28.900Z

Last Modified :

2026-02-03T19:21:17.175Z

Source :

redhat
AFFECTED PRODUCTS

The following products are affected by CVE-2025-11065 vulnerability.

Vendors Products
Redhat
  • Acm
  • Advanced Cluster Security
  • Certifications
  • Enterprise Linux
  • Openshift
  • Openshift Ai
  • Openshift Devspaces
  • Openshift Distributed Tracing
  • Openshift Gitops
  • Openshift Pipelines
  • Trusted Application Pipeline
  • Trusted Artifact Signer
  • Zero Trust Workload Identity Manager
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-11065.

URL Resource
https://access.redhat.com/security/cve/CVE-2025-11065 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2391829 cve-icon cve-icon
https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c cve-icon cve-icon cve-icon
https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm cve-icon cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-11065 cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-11065 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact