Fiber Utils UUIDv4 and UUID Silent Fallback to Predictable Values
Description
Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (crypto/rand) fails, both functions silently fall back to returning predictable UUID values, including the zero UUID "00000000-0000-0000-0000-000000000000". The vulnerability occurs through two related but distinct failure paths, both ultimately caused by crypto/rand.Read() failures, compromising the security of all Fiber applications using these functions for security-critical operations. This issue is fixed in version 2.0.0-rc.4.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/gofiber/utils/v2Go | < 2.0.0-rc.4 | 2.0.0-rc.4 |
github.com/gofiber/utilsGo | < 1.2.0 | 1.2.0 |
Affected products
4- ghsa-coords3 versionspkg:golang/github.com/gofiber/utilspkg:golang/github.com/gofiber/utils/v2pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
< 1.2.0+ 2 more
- (no CPE)range: < 1.2.0
- (no CPE)range: < 2.0.0-rc.4
- (no CPE)range: < 0.0.20251230T014957-150000.1.134.1
- gofiber/utilsv5Range: github.com/gofiber/utils <= 1.2.0
Patches
Vulnerability mechanics
References
4- github.com/advisories/GHSA-m98w-cqp3-qcqrghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-66565ghsaADVISORY
- github.com/gofiber/utils/commit/6c6cf047032b9c8dff43d29f990b4b10e9b02d47ghsax_refsource_MISCWEB
- github.com/gofiber/utils/security/advisories/GHSA-m98w-cqp3-qcqrghsax_refsource_CONFIRMWEB
News mentions
0No linked articles in our index yet.