{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-11065","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","state":"PUBLISHED","assignerShortName":"redhat","dateReserved":"2025-09-26T12:01:08.227Z","datePublished":"2026-01-26T19:36:28.900Z","dateUpdated":"2026-02-03T19:21:17.175Z"},"containers":{"cna":{"title":"github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure","metrics":[{"other":{"content":{"value":"Moderate","namespace":"https://access.redhat.com/security/updates/classification/"},"type":"Red Hat severity rating"}},{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N","version":"3.1"},"format":"CVSS"}],"descriptions":[{"lang":"en","value":"A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. 
This vulnerability allows information disclosure: when malformed user-supplied data is processed in security-critical contexts, the resulting detailed error messages may include the sensitive input values and so leak them."}],"affected":[{"versions":[{"status":"affected","version":"0","lessThan":"2.4.0","versionType":"semver"}],"packageName":"github.com/go-viper/mapstructure/v2","collectionURL":"https://github.com/go-viper/mapstructure/","defaultStatus":"unaffected"},{"vendor":"Red Hat","product":"OpenShift Pipelines","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-pipelines-client","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_pipelines:1"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/acm-grafana-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Management for Kubernetes 2","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhacm2/submariner-rhel9-operator","defaultStatus":"affected","cpes":["cpe:/a:redhat:acm:2"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"advanced-cluster-security/rhacs-central-db-rhel8","defaultStatus":"affected","cpes":["cpe:/a:redhat:advanced_cluster_security:4"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"advanced-cluster-security/rhacs-main-rhel8","defaultStatus":"affected","cpes":["cpe:/a:redhat:advanced_cluster_security:4"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 
4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"advanced-cluster-security/rhacs-rhel8-operator","defaultStatus":"affected","cpes":["cpe:/a:redhat:advanced_cluster_security:4"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"advanced-cluster-security/rhacs-roxctl-rhel8","defaultStatus":"affected","cpes":["cpe:/a:redhat:advanced_cluster_security:4"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"advanced-cluster-security/rhacs-scanner-v4-db-rhel8","defaultStatus":"affected","cpes":["cpe:/a:redhat:advanced_cluster_security:4"]},{"vendor":"Red Hat","product":"Red Hat Advanced Cluster Security 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"advanced-cluster-security/rhacs-scanner-v4-rhel8","defaultStatus":"affected","cpes":["cpe:/a:redhat:advanced_cluster_security:4"]},{"vendor":"Red Hat","product":"Red Hat Certification for Red Hat Enterprise Linux 8","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redhat-certification-preflight","defaultStatus":"affected","cpes":["cpe:/a:redhat:certifications:1::el8"]},{"vendor":"Red Hat","product":"Red Hat Certification Program for Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"redhat-certification-preflight","defaultStatus":"affected","cpes":["cpe:/a:redhat:certifications:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gvisor-tap-vsock","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 
10","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"opentelemetry-collector","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 10","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"toolbox","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:10"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"gvisor-tap-vsock","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"opentelemetry-collector","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat Enterprise Linux 9","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"toolbox","defaultStatus":"affected","cpes":["cpe:/o:redhat:enterprise_linux:9"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-model-registry-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift AI (RHOAI)","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhoai/odh-rhel9-operator","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_ai"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"microshift","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 
4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-helm-operator","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift4/ose-helm-rhel9-operator","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Container Platform 4","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"podman","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift:4"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"devspaces/traefik-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_devspaces:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"devspaces/udi-base-rhel9","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_devspaces:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift Dev Spaces","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"devspaces/udi-rhel9","defaultStatus":"unaffected","cpes":["cpe:/a:redhat:openshift_devspaces:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift distributed tracing 
3","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhosdt/opentelemetry-collector-rhel8","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_distributed_tracing:3"]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-gitops-1/argocd-rhel8","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_gitops:1"]},{"vendor":"Red Hat","product":"Red Hat OpenShift GitOps","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"openshift-gitops-1/argocd-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:openshift_gitops:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Application Pipeline","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtap-task-runner/rhtap-task-runner-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:trusted_application_pipeline:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/cosign-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/fulcio-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/gitsign-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact 
Signer","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/rekor-backfill-redis-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/rekor-cli-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/rekor-server-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Red Hat Trusted Artifact Signer","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"rhtas/timestamp-authority-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:trusted_artifact_signer:1"]},{"vendor":"Red Hat","product":"Zero Trust Workload Identity Manager - Tech Preview","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"zero-trust-workload-identity-manager/spiffe-spire-agent-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:0"]},{"vendor":"Red Hat","product":"Zero Trust Workload Identity Manager - Tech Preview","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"zero-trust-workload-identity-manager/spiffe-spire-oidc-discovery-provider-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:0"]},{"vendor":"Red Hat","product":"Zero Trust Workload Identity Manager - Tech 
Preview","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"zero-trust-workload-identity-manager/spiffe-spire-server-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:0"]},{"vendor":"Red Hat","product":"Zero Trust Workload Identity Manager - Tech Preview","collectionURL":"https://access.redhat.com/downloads/content/package-browser/","packageName":"zero-trust-workload-identity-manager/zero-trust-workload-identity-manager-rhel9","defaultStatus":"affected","cpes":["cpe:/a:redhat:zero_trust_workload_identity_manager:0"]}],"references":[{"url":"https://access.redhat.com/security/cve/CVE-2025-11065","tags":["vdb-entry","x_refsource_REDHAT"]},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2391829","name":"RHBZ#2391829","tags":["issue-tracking","x_refsource_REDHAT"]},{"url":"https://github.com/go-viper/mapstructure/commit/742921c9ba2854d27baa64272487fc5075d2c39c"},{"url":"https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm"}],"datePublic":"2025-08-29T14:52:35.000Z","problemTypes":[{"descriptions":[{"cweId":"CWE-209","description":"Generation of Error Message Containing Sensitive Information","lang":"en","type":"CWE"}]}],"x_redhatCweChain":"CWE-209: Generation of Error Message Containing Sensitive Information","workarounds":[{"lang":"en","value":"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}],"timeline":[{"lang":"en","time":"2025-08-29T17:01:44.012Z","value":"Reported to Red Hat."},{"lang":"en","time":"2025-08-29T14:52:35.000Z","value":"Made public."}],"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2026-01-26T19:36:28.900Z"},"x_generator":{"engine":"cvelib 
1.8.0"}},"adp":[{"references":[{"url":"https://github.com/go-viper/mapstructure/security/advisories/GHSA-2464-8j7c-4cjm","tags":["exploit"]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2026-02-03T19:21:11.932692Z","id":"CVE-2025-11065","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-02-03T19:21:17.175Z"}}]}}