CVE-2025-25199
Published: 12 February 2025
Summary
CVE-2025-25199 is a high-severity Missing Release of Memory after Effective Lifetime (CWE-401) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Application or System Exploitation (T1499.004); ranked in the top 22.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and RA-5 (Vulnerability Monitoring and Scanning).
Deeper analysis
CVE-2025-25199 is a memory leak vulnerability in the go-crypto-winnative package, the Go cryptography backend for Windows that uses the Cryptography API: Next Generation (CNG). Prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, repeated calls to cng.TLS1PRF fail to release the key handle, resulting in a small memory leak on each invocation. The issue is tracked under CWE-401 and carries a CVSS 3.1 score of 7.5 reflecting high availability impact.
An unauthenticated remote attacker can trigger the flaw by sending crafted TLS traffic that exercises the TLS1PRF function, gradually exhausting memory on affected Windows systems and leading to denial of service. No privileges or user interaction are required, and the attack can be mounted over the network with low complexity.
The GitHub Security Advisory GHSA-29c6-3hcj-89cf and the referenced commit describe the fix, which is shipped in Microsoft Go builds 1.23.6-2 and 1.22.12-2 as well as pseudoversion 0.0.0-20250211154640-f49c8e1379ea of github.com/microsoft/go-crypto-winnative. Organizations should update to these releases to eliminate the leak.
EPSS for the CVE rose from a low baseline to a peak of 0.0870 on 2026-02-18 before receding to the current value of 0.0103, indicating a period of increased exploitation interest after disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-4085
Vulnerability details
go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, calls to `cng.TLS1PRF` don't release the key handle, producing a small memory leak every time. Commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41 contains a fix for the issue. The…
more
fix is included in versions 1.23.6-2 and 1.22.12-2 of the Microsoft build of go, as well as in the pseudoversion 0.0.0-20250211154640-f49c8e1379ea of the `github.com/microsoft/go-crypto-winnative` Go package.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The memory leak in TLS1PRF allows remote unauthenticated attackers to trigger repeated invocations via TLS handshakes, causing gradual memory exhaustion and denial of service on the endpoint, directly mapping to application/system exploitation for DoS.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely remediation of software flaws like the memory leak in go-crypto-winnative by applying the fixing commit or updated package versions.
Vulnerability scanning identifies deployments using vulnerable versions of the go-crypto-winnative package prior to exploitation.
Denial-of-service protections limit the effects of repeated TLS1PRF invocations causing memory exhaustion on affected Windows systems.