CVE-2025-22865

Vulnerability

ParsePKCS1PrivateKey in the crypto/x509 package of Go's standard library panics when parsing an RSA private key that lacks the Chinese Remainder Theorem (CRT) values. The panic occurs during key well-formedness verification, as the function assumes CRT values are present [1]. This is a logic error in the parsing routine.

Exploitation

An attacker can exploit this by providing a crafted RSA private key that is missing one or more CRT parameters (e.g., dQ, dP, qInv). The key must be in PKCS#1 format and passed to ParsePKCS1PrivateKey. No authentication or special network position is required; any service that parses user-supplied private keys (e.g., certificate management tools) is vulnerable.

Impact

Successful exploitation causes a panic (runtime crash) of the Go process, leading to denial of service (DoS). The CVSS score of 7.5 reflects the high availability impact. No code execution or data breach is reported.

Mitigation

The issue is fixed in Go 1.24 RC2 and will be included in the stable Go 1.24 release [2][3]. Users are advised to update to the latest version. Alternatively, applications can validate keys before parsing or use a wrapper that recovers from panics.