{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-14T22:20:39.555","vulnerabilities":[{"cve":{"id":"CVE-2025-25199","sourceIdentifier":"security-advisories@github.com","published":"2025-02-12T18:15:27.933","lastModified":"2025-02-12T18:15:27.933","vulnStatus":"Awaiting Analysis","cveTags":[],"descriptions":[{"lang":"en","value":"go-crypto-winnative Go crypto backend for Windows using Cryptography API: Next Generation (CNG). Prior to commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, calls to `cng.TLS1PRF` don't release the key handle, producing a small memory leak every time. Commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41 contains a fix for the issue. The fix is included in versions 1.23.6-2 and 1.22.12-2 of the Microsoft build of go, as well as in the pseudoversion 0.0.0-20250211154640-f49c8e1379ea of the `github.com\/microsoft\/go-crypto-winnative` Go package."},{"lang":"es","value":"go-crypto-winnative Backend de criptografía Go para Windows que utiliza Cryptography API: Next Generation (CNG). Antes del commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41, las llamadas a `cng.TLS1PRF` no liberan el identificador de la clave, lo que produce una pequeña pérdida de memoria. El commit f49c8e1379ea4b147d5bff1b3be5b0ff45792e41 contiene una solución para el problema. La corrección está incluida en las versiones 1.23.6-2 y 1.22.12-2 de la compilación de Microsoft de Go, así como en la pseudoversión 0.0.0-20250211154640-f49c8e1379ea del paquete Go `github.com\/microsoft\/go-crypto-winnative`."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-401"}]}],"references":[{"url":"https:\/\/github.com\/microsoft\/go-crypto-winnative\/commit\/f49c8e1379ea4b147d5bff1b3be5b0ff45792e41","source":"security-advisories@github.com"},{"url":"https:\/\/github.com\/microsoft\/go-crypto-winnative\/security\/advisories\/GHSA-29c6-3hcj-89cf","source":"security-advisories@github.com"}]}}]}