Description

Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (crypto/rand) fails, both functions silently fall back to returning predictable UUID values, including the zero UUID "00000000-0000-0000-0000-000000000000". The vulnerability occurs through two related but distinct failure paths, both ultimately caused by crypto/rand.Read() failures, compromising the security of all Fiber applications using these functions for security-critical operations. This issue is fixed in version 2.0.0-rc.4.

INFO

Published Date :

2025-12-09T01:47:58.430Z

Last Modified :

2025-12-09T16:03:03.356Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2025-66565 vulnerability.

Vendors Products
Gofiber
  • Utils
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-66565.

URL Resource
https://github.com/gofiber/utils/commit/6c6cf047032b9c8dff43d29f990b4b10e9b02d47 cve-icon cve-icon
https://github.com/gofiber/utils/security/advisories/GHSA-m98w-cqp3-qcqr cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Attack Requirements
Privileges Required
User Interaction
VS Confidentiality
VS Integrity
VS Availability
SS Confidentiality
SS Integrity
SS Availability
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact