CVE-2025-66565
BaseFortify

Publication date: 2025-12-09

Last updated on: 2025-12-11

Assigner: GitHub, Inc.

Description
Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (crypto/rand) fails, both of its UUID-generating functions silently fall back to returning predictable UUID values, including the zero UUID "00000000-0000-0000-0000-000000000000". The vulnerability arises through two related but distinct failure paths, both ultimately caused by crypto/rand.Read() failures, and it compromises the security of every Fiber application that uses these functions for security-critical operations. This issue is fixed in version 2.0.0-rc.4.
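The description above is a CWE-252 pattern: a read from crypto/rand fails, the error is swallowed, and a fixed or predictable value is returned in place of a random one. The following Go program is an added illustration of that pattern beside a fail-closed alternative; it is not the gofiber/utils source and the function names (uuidFallback, uuidChecked, isZeroUUID, newUUID) and the failingReader type are hypothetical, constructed here so the entropy-source failure can be simulated offline.

```go
package main

import (
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// zeroUUID is the predictable value named in the advisory.
const zeroUUID = "00000000-0000-0000-0000-000000000000"

// failingReader simulates an outage of the system CSPRNG (constructed for this example).
type failingReader struct{}

func (failingReader) Read(p []byte) (int, error) {
	return 0, errors.New("entropy source unavailable")
}

// formatUUID renders 16 bytes in the canonical 8-4-4-4-12 hex layout.
func formatUUID(b [16]byte) string {
	return fmt.Sprintf("%x-%x-%x-%x-%x", b[0:4], b[4:6], b[6:8], b[8:10], b[10:16])
}

// uuidFallback shows the vulnerable shape: when the read fails, a constant
// UUID is returned and the caller has no way to tell that randomness was absent.
func uuidFallback(r io.Reader) string {
	var b [16]byte
	if _, err := io.ReadFull(r, b[:]); err != nil {
		return zeroUUID // silent, predictable fallback (the defect)
	}
	b[6] = (b[6] & 0x0f) | 0x40 // version 4
	b[8] = (b[8] & 0x3f) | 0x80 // RFC 4122 variant
	return formatUUID(b)
}

// uuidChecked is the fail-closed form: a read failure is propagated as an
// error and no identifier is produced at all.
func uuidChecked(r io.Reader) (string, error) {
	var b [16]byte
	if _, err := io.ReadFull(r, b[:]); err != nil {
		return "", fmt.Errorf("uuid: entropy source failed: %w", err)
	}
	b[6] = (b[6] & 0x0f) | 0x40
	b[8] = (b[8] & 0x3f) | 0x80
	return formatUUID(b), nil
}

// newUUID is the production entry point, wired to the real CSPRNG.
func newUUID() (string, error) {
	return uuidChecked(rand.Reader)
}

// isZeroUUID is a cheap consumer-side check: if a helper you cannot yet
// upgrade hands back the zero UUID, treat it as a failure, never as an ID.
func isZeroUUID(s string) bool {
	return s == zeroUUID
}

func main() {
	fmt.Println("healthy, fallback style:", uuidFallback(rand.Reader))
	fmt.Println("failing, fallback style:", uuidFallback(failingReader{}))
	if _, err := uuidChecked(failingReader{}); err != nil {
		fmt.Println("failing, checked style:", err)
	}
}
```

Run it with `go run .`; the second line prints the zero UUID, which is exactly the value a session or token store would then accept as "unique" if it never checks. The fail-closed version makes that state impossible to reach silently, and isZeroUUID gives a stop-gap detection for code paths that still call an unpatched helper.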
Meta Information
Published: 2025-12-09
Last Modified: 2025-12-11
Generated: 2026-06-16
AI Q&A: 2025-12-09
EPSS Evaluated: 2026-06-15
Affected Vendors & Products
Showing 4 associated CPEs

Vendor    Product   Version / Range
fiber     fiber     2.0.0-rc.3
fiber     fiber     2.0.0-rc.4
gofiber   utils     up to 1.2.0 (excluding)
gofiber   utils     2.0.0
CWE ID    Description
CWE-331 The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.
CWE-338 The product uses a Pseudo-Random Number Generator (PRNG) in a security context, but the PRNG's algorithm is not cryptographically strong.
CWE-252 The product does not check the return value from a method or function, which can prevent it from detecting unexpected states and conditions.
Executive Summary

This vulnerability exists in Fiber Utils versions 2.0.0-rc.3 and below. When the system's cryptographic random number generator (crypto/rand) fails, the functions in Fiber Utils silently fall back to returning predictable UUID values, including the zero UUID "00000000-0000-0000-0000-000000000000". This fallback behavior compromises the security of all Fiber applications that rely on these functions for security-critical operations. The issue is fixed in version 2.0.0-rc.4.

Impact Analysis

The vulnerability can severely impact the security of applications that use Fiber Utils for security-critical operations. Because the functions return predictable UUIDs when the cryptographic random number generator fails, an attacker could predict or reproduce those UUIDs, undermining authentication, session management, or any other functionality that relies on unique, unguessable identifiers. This can result in unauthorized access, data breaches, or other security failures.

Mitigation Strategies

Upgrade Fiber Utils to version 2.0.0-rc.4 or later, as this version fixes the vulnerability related to predictable UUID values when crypto/rand fails.
