VYPR
Medium severity5.3OSV Advisory· Published Jan 26, 2026· Updated Apr 15, 2026

CVE-2025-11065

CVE-2025-11065

Description

A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/go-viper/mapstructure/v2Go
< 2.4.02.4.0

Affected products

274

Patches

Vulnerability mechanics

References

7

News mentions

0

No linked articles in our index yet.