{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-06T22:32:51.579","vulnerabilities":[{"cve":{"id":"CVE-2025-61728","sourceIdentifier":"security@golang.org","published":"2026-01-28T20:16:09.830","lastModified":"2026-02-06T18:45:10.420","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"archive/zip uses a super-linear file name indexing algorithm that is invoked the first time a file in an archive is opened. This can lead to a denial of service when consuming a maliciously constructed ZIP archive."},{"lang":"es","value":"archive/zip usa un algoritmo de indexación de nombres de archivo superlineal que se invoca la primera vez que se abre un archivo en un archivo comprimido. Esto puede provocar una denegación de servicio al consumir un archivo ZIP construido maliciosamente."}],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-770"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionEndExcluding":"1.24.12","matchCriteriaId":"21FD9368-8AB3-404B-8599-BBF64EFE3C7B"},{"vulnerable":true,"criteria":"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*","versionStartIncluding":"1.25.0","versionEndExcluding":"1.25.6","matchCriteriaId":"A547E844-78D2-4B17-B7A9-73E7B503D2CE"}]}]}],"references":[{"url":"https://go.dev/cl/736713","source":"security@golang.org","tags":["Patch"]},{"url":"https://go.dev/issue/77102","source":"security@golang.org","tags":["Patch"]},{"url":"https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc","source":"security@golang.org","tags":["Release Notes"]},{"url":"https://pkg.go.dev/vuln/GO-2026-4342","source":"security@golang.org","tags":["Vendor Advisory"]},{"url":"http://www.openwall.com/lists/oss-security/2026/01/15/4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Mailing List","Third Party Advisory"]}]}}]}