CVE-2025-65637
Denial-of-service vulnerability in logrus (Go)
What is CVE-2025-65637 About?
This denial-of-service vulnerability in github.com/sirupsen/logrus can render Entry.Writer() unusable when logging large single-line payloads. It leads to application unavailability by causing an internal read failure that closes the writer pipe. Exploitation is straightforward: it only takes a sufficiently large, non-newline-terminated log entry.
Affected Software
- github.com/sirupsen/logrus
- <1.8.3
- >=1.9.0, <1.9.1
- >=1.9.2, <1.9.3
Technical Details
The vulnerability occurs in github.com/sirupsen/logrus when Entry.Writer() is used to log a single-line payload exceeding 64KB without any newline characters. The internal bufio.Scanner that reads the pipe has a default maximum token size of 64KB (bufio.MaxScanTokenSize). When it encounters a payload larger than that with no newline, the scanner fails with a "token too long" error (bufio.ErrTooLong). This failure causes the writer pipe to be closed, making Writer() unusable and leading to a denial of service for the application attempting to log.
What is the Impact of CVE-2025-65637?
Successful exploitation may allow attackers to cause a denial-of-service condition, leading to application crashes, unresponsiveness, or failure to function as intended.
What is the Exploitability of CVE-2025-65637?
Exploitation of this vulnerability is of low complexity. It requires local or remote access depending on how the application receives input that gets logged via Entry.Writer(). No specific authentication or privilege escalation is typically required beyond the ability to submit data that the application will subsequently log. The primary condition for exploitation is logging a single-line payload greater than 64KB without newline characters. Risk factors include applications that process and log arbitrary user-supplied large amounts of text without prior validation or sanitization, making exploitation highly likely in such scenarios.
What are the Known Public Exploits?
| PoC Author | Link | Commentary |
|---|---|---|
| mjuanxd | https://github.com/mjuanxd/logrus-dos-poc | CVE-2025-65637: Logrus Denial of Service Vulnerability |
What are the Available Fixes for CVE-2025-65637?
About the Fix from Resolved Security
The patch fixes CVE-2025-65637 by adding a custom buffer-splitting function that limits log input chunks to 64KB, so that writes without newline characters can no longer exceed the bufio.Scanner's maximum token size. This change ensures that untrusted or maliciously large input cannot cause a panic or DoS by exceeding the scanner's token limit, directly addressing the root of the vulnerability.
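To illustrate both the failure mode and the chunking mitigation described above, here is an added example built only on the Go standard library; it is not logrus's own code and not the patch from PR 1376. A plain bufio.Scanner using bufio.ScanLines fails with bufio.ErrTooLong on a constructed 70000-byte line, while a split function that caps tokens at 64KB consumes the same input as two chunks. The names scanLinesCapped, ScanAll and Oversized are my own.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
	"strings"
)

// maxChunk is bufio.Scanner's default token limit (64KB); no token exceeds it.
const maxChunk = bufio.MaxScanTokenSize

// scanLinesCapped behaves like bufio.ScanLines, except that a line with no
// newline inside the cap is emitted in maxChunk-sized pieces instead of
// letting the scanner fail with bufio.ErrTooLong (hypothetical helper).
func scanLinesCapped(data []byte, atEOF bool) (int, []byte, error) {
	if atEOF && len(data) == 0 {
		return 0, nil, nil
	}
	if i := bytes.IndexByte(data, '\n'); i >= 0 && i < maxChunk {
		return i + 1, data[:i], nil // complete line; drop the newline
	}
	if len(data) >= maxChunk {
		return maxChunk, data[:maxChunk], nil // oversized line: flush a chunk
	}
	if atEOF {
		return len(data), data, nil // short final line without newline
	}
	return 0, nil, nil // ask the scanner for more data
}

// ScanAll drains r through a bufio.Scanner using split and returns every
// token plus the scanner's terminal error (nil on a clean EOF).
func ScanAll(r io.Reader, split bufio.SplitFunc) ([]string, error) {
	sc := bufio.NewScanner(r)
	sc.Split(split)
	var toks []string
	for sc.Scan() {
		toks = append(toks, sc.Text())
	}
	return toks, sc.Err()
}

// Oversized builds a constructed sample: one n-byte line with no newline.
func Oversized(n int) string { return strings.Repeat("A", n) }

func main() {
	payload := Oversized(70000) + "\n"
	_, err := ScanAll(strings.NewReader(payload), bufio.ScanLines)
	fmt.Println("default ScanLines:", err) // bufio.Scanner: token too long
	toks, err := ScanAll(strings.NewReader(payload), scanLinesCapped)
	fmt.Println("capped split: chunks =", len(toks), "err =", err) // 2 <nil>
}
```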
Available Upgrade Options
- github.com/sirupsen/logrus <1.8.3 → upgrade to 1.8.3
- github.com/sirupsen/logrus >=1.9.0, <1.9.1 → upgrade to 1.9.1
- github.com/sirupsen/logrus >=1.9.2, <1.9.3 → upgrade to 1.9.3
Additional Resources
- https://github.com/mjuanxd/logrus-dos-poc
- https://github.com/sirupsen/logrus/releases/tag/v1.9.3
- https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMSIRUPSENLOGRUS-5564391
- https://github.com/sirupsen/logrus/commit/6acd903758687c4a3db3c11701e6c414fcf1c1f7
- https://github.com/sirupsen/logrus/pull/1376
- https://osv.dev/vulnerability/GHSA-4f99-4q7p-p3gh
- https://nvd.nist.gov/vuln/detail/CVE-2025-65637
