CVE-2025-47913

Publication date 13 November 2025

Last updated 12 January 2026

Ubuntu priority

Cvss 3 Severity Score

SSH clients receiving SSH_AGENT_SUCCESS when expecting a typed response will panic and cause early termination of the client process.

Show unmaintained releases

Package	Ubuntu Release	Status
golang-go.crypto	26.04 LTS resolute	Needs evaluation
	25.10 questing	Needs evaluation
	25.04 plucky	Ignored end of life, was needs-triage
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
snapd	26.04 LTS resolute	Needs evaluation
	25.10 questing	Needs evaluation
	25.04 plucky	Ignored end of life, was needs-triage
	24.04 LTS noble	Needs evaluation
	22.04 LTS jammy	Needs evaluation
	20.04 LTS focal	Needs evaluation
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
lxd	26.04 LTS resolute	Not in release
	25.10 questing	Not in release
	25.04 plucky	Not in release
	24.04 LTS noble	Not in release
	22.04 LTS jammy	Not in release
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Needs evaluation
	16.04 LTS xenial	Needs evaluation
google-guest-agent	26.04 LTS resolute	Not affected
	25.10 questing	Not affected
	25.04 plucky	Not affected
	24.04 LTS noble	Not affected
	22.04 LTS jammy	Not affected
	20.04 LTS focal	Not affected
	18.04 LTS bionic	Not affected
	16.04 LTS xenial	Not affected

snapd contains an embedded copy of golang-go.crypto lxd in 18.04 LTS and earlier contains an embedded copy of golang-go.crypto

google-guest-agent contains an embedded copy of golang-go.crypto

google-guest-agent doesnt vendor ssh/agent code

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
golang-go.crypto	Upstream: 559e062

CVSS version: CVSS v3.0

Base score 7.5 · High

Base metrics

Scores

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H