CVE-2025-27144

🗓️ 25 Feb 2025 06:55:22Reported by redhat.comType

redhatcve

redhatcve🔗 access.redhat.com👁 10 Views

Mitigation for CVE-2025-27144: validate payloads in Go JOSE to limit excessive dot characters.

Reporter	Title	Published	Views	Family All 654
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	26 Mar 202518:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to CVE-2025-27144 in different components	25 Jun 202516:28	–	ibm
IBM Security Bulletins	Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion	19 Dec 202520:44	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Rapid Infrastructure Automation	27 Apr 202610:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libxml2, Go JOSE and FreeType	1 May 202515:16	–	ibm
Tenable Nessus	Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-914)	1 Apr 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-930)	14 Apr 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : nerdctl (ALAS2023-2025-931)	14 Apr 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : nerdctl (ALAS-2025-2821)	17 Apr 202500:00	–	nessus
Tenable Nessus	Amazon Linux 2 : runfinch-finch (ALASDOCKER-2025-053)	1 Apr 202500:00	–	nessus

Source	Link
cve	www.cve.org/CVERecord
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-27144
github	www.github.com/go-jose/go-jose/commit/99b346cec4e86d102284642c5dcbe9bb0cacfc22
github	www.github.com/go-jose/go-jose/releases/tag/v4.0.5
github	www.github.com/go-jose/go-jose/security/advisories/GHSA-c6gw-w398-hv78
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

08 Apr 2025 18:22Current

7.5High risk

Vulners AI Score7.5

CVSS 3.17.5

EPSS0.00152

cve go jose payload validation mitigation excessive dot characters