Moderate severityNVD Advisory· Published Sep 27, 2025· Updated Sep 29, 2025
CVE-2025-10954
CVE-2025-10954
Description
Versions of the package github.com/nyaruka/phonenumbers before 1.2.2 are vulnerable to Improper Validation of Syntactic Correctness of Input in the phonenumbers.Parse() function. An attacker can cause a panic by providing crafted input causing a "runtime error: slice bounds out of range".
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/nyaruka/phonenumbersGo | < 1.2.2 | 1.2.2 |
Affected products
8- osv-coords7 versionspkg:apk/chainguard/hydrapkg:apk/chainguard/hydra-fipspkg:apk/chainguard/weaviatepkg:apk/wolfi/hydrapkg:apk/wolfi/weaviatepkg:golang/github.com/nyaruka/phonenumberspkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed
< 2.3.0-r12+ 6 more
- (no CPE)range: < 2.3.0-r12
- (no CPE)range: < 2.3.0-r10
- (no CPE)range: < 1.33.0-r1
- (no CPE)range: < 2.3.0-r12
- (no CPE)range: < 1.33.0-r1
- (no CPE)range: < 1.2.2
- (no CPE)range: < 0.0.20251105T184115-1.1
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-fmjh-f678-cv3xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-10954ghsaADVISORY
- github.com/nyaruka/phonenumbers/commit/0479e35488e8a002a261cdb515ef8a7f80ca37feghsaWEB
- github.com/nyaruka/phonenumbers/issues/148ghsaWEB
- security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMNYARUKAPHONENUMBERS-6084070ghsaWEB
News mentions
0No linked articles in our index yet.