How severe is CVE-2025-30204?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2025-30204?

This is classified as CWE-405, which is a common weakness in software security.

CVE-2025-30204 - HIGH Severity | CVSS 7.5

Vulnerability Description

golang-jwt is a Go implementation of JSON Web Tokens. Starting in version 3.2.0 and prior to versions 5.2.2 and 4.5.2, the function parse.ParseUnverified splits (via a call to strings.Split) its argument (which is untrusted data) on periods. As a result, in the face of a malicious request whose Authorization header consists of Bearer followed by many period characters, a call to that function incurs allocations to the tune of O(n) bytes (where n stands for the length of the function's argument), with a constant factor of about 16. This issue is fixed in 5.2.2 and 4.5.2.

Related Vulnerabilities

CVE-2018-15492

HIGH

CVSS:7.5(High)

A vulnerability in the lservnt.exe component of Sentinel License Manager version 8.5.3.35 (fixed in 8.5.3.2403) causes UDP amplification.

CWE-4052018

CVE-2021-21359

HIGH

CVSS:7.5(High)

TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 9.5.25, 10.4.14, 11.1.1 requesting invalid or non-existing resources via HTTP triggers the page error handler ...

CWE-4052021

CVE-2021-38447

HIGH

CVSS:7.5(High)

OCI OpenDDS versions prior to 3.18.1 are vulnerable when an attacker sends a specially crafted packet to flood target devices with unwanted traffic, which may result in a denial-of-service condition.

CWE-4052021

CVE-2023-2992

HIGH

CVSS:7.5(High)

An unauthenticated denial of service vulnerability exists in the SMM v1, SMM v2, and FPC management web server which can be triggered under crafted conditions. Rebooting SMM or FPC will restore access...

CWE-4052023

CVE-2024-11187

HIGH

CVSS:7.5(High)

It is possible to construct a zone such that some queries to it will generate responses containing numerous records in the Additional section. An attacker sending many such queries can cause either th...

CWE-4052024

CVE-2024-34703

HIGH

CVSS:7.5(High)

Botan is a C++ cryptography library. X.509 certificates can identify elliptic curves using either an object identifier or using explicit encoding of the parameters. Prior to versions 3.3.0 and 2.19.4,...

CWE-4052024