{"api_version":"1","generated_at":"2026-07-06T23:33:57+00:00","cve":"CVE-2025-11065","urls":{"html":"https://cve.report/CVE-2025-11065","api":"https://cve.report/api/cve/CVE-2025-11065.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-11065","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-11065"},"summary":{"title":"Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure","description":"A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.","state":"PUBLISHED","assigner":"redhat","published_at":"2026-01-26 20:16:06","updated_at":"2026-06-30 00:16:51"},"problem_types":["CWE-209","CWE-209 Generation of Error Message Containing Sensitive Information"],"metrics":[{"version":"3.1","source":"secalert@redhat.com","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"}},{"version":"3.1","source":"CNA","type":"CVSS","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","data":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"}}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-11065","name":"https://access.redhat.com/security/cve/CVE-2025-11065","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm","name":"https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm","refsource":"134c704f-9b21-4f2e-91b3-4a467353bcc0","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2391829","name":"https://bugzilla.redhat.com/show_bug.cgi?id=2391829","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c","name":"https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c","refsource":"secalert@redhat.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-11065","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-11065","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Red Hat","product":"OpenShift Pipelines","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Certification for Red Hat Enterprise Linux 8","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Certification Program for Red Hat Enterprise Linux 9","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 3","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift GitOps","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat OpenShift GitOps","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Trusted Application Pipeline","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Zero Trust Workload Identity Manager - Tech Preview","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Zero Trust Workload Identity Manager - Tech Preview","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Zero Trust Workload Identity Manager - Tech Preview","version":"","platforms":[]},{"source":"CNA","vendor":"Red Hat","product":"Zero Trust Workload Identity Manager - Tech Preview","version":"","platforms":[]}],"timeline":[{"source":"CNA","time":"2025-08-29T17:01:44.012Z","lang":"en","value":"Reported to Red Hat."},{"source":"CNA","time":"2025-08-29T14:52:35.000Z","lang":"en","value":"Made public."}],"solutions":[],"workarounds":[{"source":"CNA","title":"","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.","time":"","lang":"en"}],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":{"cve_year":"2025","cve_id":"11065","cve":"CVE-2025-11065","epss":"0.003570000","percentile":"0.276930000","score_date":"2026-07-01","updated_at":"2026-07-02 00:05:26"},"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"other":{"content":{"id":"CVE-2025-11065","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-02-03T19:21:11.932692Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-02-03T19:21:17.175Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"references":[{"tags":["exploit"],"url":"https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm"}],"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"collectionURL":"https://github.com/go-viper/mapstructure/","defaultStatus":"unaffected","packageName":"github.com/go-viper/mapstructure/v2","versions":[{"lessThan":"2.4.0","status":"affected","version":"0","versionType":"semver"}]},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_pipelines:1"],"defaultStatus":"affected","packageName":"openshift-pipelines-client","product":"OpenShift Pipelines","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:acm:2"],"defaultStatus":"affected","packageName":"rhacm2/acm-grafana-rhel9","product":"Red Hat Advanced Cluster Management for Kubernetes 2","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:acm:2"],"defaultStatus":"affected","packageName":"rhacm2/submariner-rhel9-operator","product":"Red Hat Advanced Cluster Management for Kubernetes 2","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:advanced_cluster_security:4"],"defaultStatus":"affected","packageName":"advanced-cluster-security/rhacs-central-db-rhel8","product":"Red Hat Advanced Cluster Security 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:advanced_cluster_security:4"],"defaultStatus":"affected","packageName":"advanced-cluster-security/rhacs-main-rhel8","product":"Red Hat Advanced Cluster Security 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:advanced_cluster_security:4"],"defaultStatus":"affected","packageName":"advanced-cluster-security/rhacs-rhel8-operator","product":"Red Hat Advanced Cluster Security 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:advanced_cluster_security:4"],"defaultStatus":"affected","packageName":"advanced-cluster-security/rhacs-roxctl-rhel8","product":"Red Hat Advanced Cluster Security 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:advanced_cluster_security:4"],"defaultStatus":"affected","packageName":"advanced-cluster-security/rhacs-scanner-v4-db-rhel8","product":"Red Hat Advanced Cluster Security 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:advanced_cluster_security:4"],"defaultStatus":"affected","packageName":"advanced-cluster-security/rhacs-scanner-v4-rhel8","product":"Red Hat Advanced Cluster Security 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:certifications:1::el8"],"defaultStatus":"affected","packageName":"redhat-certification-preflight","product":"Red Hat Certification for Red Hat Enterprise Linux 8","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:certifications:9"],"defaultStatus":"affected","packageName":"redhat-certification-preflight","product":"Red Hat Certification Program for Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","packageName":"gvisor-tap-vsock","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","packageName":"opentelemetry-collector","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:10"],"defaultStatus":"affected","packageName":"toolbox","product":"Red Hat Enterprise Linux 10","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","packageName":"gvisor-tap-vsock","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","packageName":"opentelemetry-collector","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/o:redhat:enterprise_linux:9"],"defaultStatus":"affected","packageName":"toolbox","product":"Red Hat Enterprise Linux 9","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","packageName":"rhoai/odh-model-registry-rhel9","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_ai"],"defaultStatus":"affected","packageName":"rhoai/odh-rhel9-operator","product":"Red Hat OpenShift AI (RHOAI)","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","packageName":"microshift","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","packageName":"openshift","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","packageName":"openshift4/ose-helm-operator","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","packageName":"openshift4/ose-helm-rhel9-operator","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift:4"],"defaultStatus":"affected","packageName":"podman","product":"Red Hat OpenShift Container Platform 4","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_devspaces:3"],"defaultStatus":"affected","packageName":"devspaces/traefik-rhel9","product":"Red Hat OpenShift Dev Spaces","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_devspaces:3"],"defaultStatus":"unaffected","packageName":"devspaces/udi-base-rhel9","product":"Red Hat OpenShift Dev Spaces","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_devspaces:3"],"defaultStatus":"unaffected","packageName":"devspaces/udi-rhel9","product":"Red Hat OpenShift Dev Spaces","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3"],"defaultStatus":"affected","packageName":"rhosdt/opentelemetry-collector-rhel8","product":"Red Hat OpenShift distributed tracing 3","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_gitops:1"],"defaultStatus":"affected","packageName":"openshift-gitops-1/argocd-rhel8","product":"Red Hat OpenShift GitOps","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:openshift_gitops:1"],"defaultStatus":"affected","packageName":"openshift-gitops-1/argocd-rhel9","product":"Red Hat OpenShift GitOps","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:trusted_application_pipeline:1"],"defaultStatus":"affected","packageName":"rhtap-task-runner/rhtap-task-runner-rhel9","product":"Red Hat Trusted Application Pipeline","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"],"defaultStatus":"affected","packageName":"rhtas/cosign-rhel9","product":"Red Hat Trusted Artifact Signer","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"],"defaultStatus":"affected","packageName":"rhtas/fulcio-rhel9","product":"Red Hat Trusted Artifact Signer","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"],"defaultStatus":"affected","packageName":"rhtas/gitsign-rhel9","product":"Red Hat Trusted Artifact Signer","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"],"defaultStatus":"affected","packageName":"rhtas/rekor-backfill-redis-rhel9","product":"Red Hat Trusted Artifact Signer","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"],"defaultStatus":"affected","packageName":"rhtas/rekor-cli-rhel9","product":"Red Hat Trusted Artifact Signer","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"],"defaultStatus":"affected","packageName":"rhtas/rekor-server-rhel9","product":"Red Hat Trusted Artifact Signer","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"],"defaultStatus":"affected","packageName":"rhtas/timestamp-authority-rhel9","product":"Red Hat Trusted Artifact Signer","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:0"],"defaultStatus":"affected","packageName":"zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9","product":"Zero Trust Workload Identity Manager - Tech Preview","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:0"],"defaultStatus":"affected","packageName":"zero-trust-workload-identity-manager/spiffe-spire-oidc-discovery-provider-rhel9","product":"Zero Trust Workload Identity Manager - Tech Preview","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:0"],"defaultStatus":"affected","packageName":"zero-trust-workload-identity-manager/spiffe-spire-server-rhel9","product":"Zero Trust Workload Identity Manager - Tech Preview","vendor":"Red Hat"},{"collectionURL":"https://access.redhat.com/downloads/content/package-browser/","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:0"],"defaultStatus":"affected","packageName":"zero-trust-workload-identity-manager/zero-trust-workload-identity-manager-rhel9","product":"Zero Trust Workload Identity Manager - Tech Preview","vendor":"Red Hat"}],"datePublic":"2025-08-29T14:52:35.000Z","descriptions":[{"lang":"en","value":"A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts."}],"metrics":[{"other":{"content":{"namespace":"https://access.redhat.com/security/updates/classification/","value":"Moderate"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-209","description":"Generation of Error Message Containing Sensitive Information","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-29T23:28:27.767Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"tags":["vdb-entry","x_refsource_REDHAT"],"url":"https://access.redhat.com/security/cve/CVE-2025-11065"},{"name":"RHBZ#2391829","tags":["issue-tracking","x_refsource_REDHAT"],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2391829"},{"url":"https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c"},{"url":"https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm"}],"timeline":[{"lang":"en","time":"2025-08-29T17:01:44.012Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-08-29T14:52:35.000Z","value":"Made public."}],"title":"Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"x_generator":{"engine":"cvelib 1.8.0"},"x_redhatCweChain":"CWE-209: Generation of Error Message Containing Sensitive Information"}},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2025-11065","datePublished":"2026-01-26T19:36:28.900Z","dateReserved":"2025-09-26T12:01:08.227Z","dateUpdated":"2026-06-29T23:28:27.767Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-01-26 20:16:06","lastModifiedDate":"2026-06-30 00:16:51","problem_types":["CWE-209","CWE-209 Generation of Error Message Containing Sensitive Information"],"metrics":{"cvssMetricV31":[{"source":"secalert@redhat.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.6,"impactScore":3.6}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-02-03T19:21:11.932692Z","id":"CVE-2025-11065","options":[{"exploitation":"poc"},{"automatable":"no"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"11065","Ordinal":"1","Title":"Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may","CVE":"CVE-2025-11065","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"11065","Ordinal":"1","NoteData":"A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in security-critical contexts.","Type":"Description","Title":"Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may"}]}}}