CVE-2025-58369
unknown
CVSS v3
—
CVSS v2
—
VIR risk
—
Description
FS2 half-shutdown of socket during TLS handshake may result in spin loop on opposite side
Predictions
Exploit likelihood
30%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Maven | co.fs2:fs2-io_2.12 | >=3.0.0-M1,<3.12.2 | 3.12.2 |
| Maven | co.fs2:fs2-io_2.12 | >=3.13.0-M1,<3.13.0-M7 | 3.13.0-M7 |
| Maven | co.fs2:fs2-io_2.13 | >=3.0.0-M1,<3.12.2 | 3.12.2 |
| Maven | co.fs2:fs2-io_2.13 | >=3.13.0-M1,<3.13.0-M7 | 3.13.0-M7 |
| Maven | co.fs2:fs2-io_3 | >=3.0.0-M1,<3.12.2 | 3.12.2 |
| Maven | co.fs2:fs2-io_3 | >=3.13.0-M1,<3.13.0-M7 | 3.13.0-M7 |
| Maven | co.fs2:fs2-io_0.26 | | |
| Maven | co.fs2:fs2-io_0.27 | | |
| Maven | co.fs2:fs2-io_2.11 | | |
| Maven | co.fs2:fs2-io_2.12.0-M4 | | |
| Maven | co.fs2:fs2-io_2.12.0-RC1 | | |
| Maven | co.fs2:fs2-io_2.12.0-M5 | | |
| Maven | co.fs2:fs2-io_2.12.0-RC2 | | |
| Maven | co.fs2:fs2-io_2.13.0-M5 | | |
| Maven | co.fs2:fs2-io_2.12 | <2.5.13 | 2.5.13 |
| Maven | co.fs2:fs2-io_2.13 | <2.5.13 | 2.5.13 |
| Maven | co.fs2:fs2-io_3 | <2.5.13 | 2.5.13 |
References
- https://github.com/typelevel/fs2/security/advisories/GHSA-rrw2-px9j-qffj
- https://nvd.nist.gov/vuln/detail/CVE-2025-58369
- https://github.com/typelevel/fs2/issues/3590
- https://github.com/typelevel/fs2/pull/3624
- https://github.com/typelevel/fs2/commit/46e2dc3abf994dcf3d0b804b2ddb3c10c04d4976
- https://github.com/typelevel/fs2/commit/5c6c4c6c1ef330f7e6b53661ecc63d5f5ba8885c
- https://github.com/typelevel/fs2/commit/edf0c4f2e660360d1c1a8c5377ce32294de89238
- https://github.com/typelevel/fs2
- https://github.com/typelevel/fs2/releases/tag/v3.12.2
- https://github.com/typelevel/fs2/releases/tag/v3.13.0-M7
Verify integrity in audit chain (admin only). AS-IS.