CVE-2025-66565
Severity CVSS v4.0:
CRITICAL
Type:
Unavailable / Other
Publication date:
09/12/2025
Last modified:
11/12/2025
Description
Fiber Utils is a collection of common functions created for Fiber. In versions 2.0.0-rc.3 and below, when the system's cryptographic random number generator (crypto/rand) fails, both functions silently fall back to returning predictable UUID values, including the zero UUID "00000000-0000-0000-0000-000000000000". The vulnerability occurs through two related but distinct failure paths, both ultimately caused by crypto/rand.Read() failures, compromising the security of all Fiber applications using these functions for security-critical operations. This issue is fixed in version 2.0.0-rc.4.
Impact
Base Score 4.0
9.30
Severity 4.0
CRITICAL
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:gofiber:utils:*:*:*:*:*:go:*:* | 1.2.0 (including) | |
| cpe:2.3:a:gofiber:utils:2.0.0:beta1:*:*:*:go:*:* | ||
| cpe:2.3:a:gofiber:utils:2.0.0:beta10:*:*:*:go:*:* | ||
| cpe:2.3:a:gofiber:utils:2.0.0:beta11:*:*:*:go:*:* | ||
| cpe:2.3:a:gofiber:utils:2.0.0:beta12:*:*:*:go:*:* | ||
| cpe:2.3:a:gofiber:utils:2.0.0:beta13:*:*:*:go:*:* | ||
| cpe:2.3:a:gofiber:utils:2.0.0:beta14:*:*:*:go:*:* | ||
| cpe:2.3:a:gofiber:utils:2.0.0:beta2:*:*:*:go:*:* | ||
| cpe:2.3:a:gofiber:utils:2.0.0:beta3:*:*:*:go:*:* | ||
| cpe:2.3:a:gofiber:utils:2.0.0:beta4:*:*:*:go:*:* | ||
| cpe:2.3:a:gofiber:utils:2.0.0:beta5:*:*:*:go:*:* | ||
| cpe:2.3:a:gofiber:utils:2.0.0:beta6:*:*:*:go:*:* | ||
| cpe:2.3:a:gofiber:utils:2.0.0:beta7:*:*:*:go:*:* | ||
| cpe:2.3:a:gofiber:utils:2.0.0:beta8:*:*:*:go:*:* | ||
| cpe:2.3:a:gofiber:utils:2.0.0:beta9:*:*:*:go:*:* |
To consult the complete list of CPE names with products and versions, see this page