Description

Fiber is an Express inspired web framework written in Go. In versions 2.52.8 and below, when using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index (e.g., test.18446744073704), the application crashes due to an out-of-bounds slice allocation in the underlying schema decoder. The root cause is that the decoder attempts to allocate a slice of length idx + 1 without validating whether the index is within a safe or reasonable range. If the idx is excessively large, this leads to an integer overflow or memory exhaustion, causing a panic or crash. This is fixed in version 2.52.9.

INFO

Published Date :

2025-08-05T23:33:28.221Z

Last Modified :

2025-08-07T14:00:09.981Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-54801 vulnerability.

Vendors Products
Gofiber
  • Fiber
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-54801.

URL Resource
https://github.com/gofiber/fiber/commit/e115c08b8f059a4a031b492aa9eef0712411853d cve-icon cve-icon
https://github.com/gofiber/fiber/security/advisories/GHSA-qx2q-88mx-vhg7 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact