Vulnerability in Gofiber Fiber

CVE-2025-66630

Fiber is an Express inspired web framework written in Go. Before 2.52.11, on Go versions prior to 1.24, the underlying crypto/rand implementation can return an error if secure randomness cannot be obtained. Because no error is returned by…

EPSS: 0.000 (5.8th percentile) — read the EPSS interpretation.

Affected products

Gofiber Fiber — versions < 2.52.11

Weakness classification (CWE)

CWE-338 — Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

References

https://github.com/gofiber/fiber/security/advisories/GHSA-68rr-p4fp-j59v (x_refsource_CONFIRM)
https://github.com/gofiber/fiber/commit/eb874b6f6c5896b968d9b0ab2b56ac7052cb0ee1 (x_refsource_MISC)
https://github.com/gofiber/fiber/releases/tag/v2.52.11 (x_refsource_MISC)