CVE-2025-59351: DragonFly vulnerable to panics due to nil pointer dereference when using variables created alongside an error

September 17, 2025 (updated September 18, 2025)

We found two instances in the DragonFly codebase where the first return value of a function is dereferenced even when the function returns an error (figures 9.1 and 9.2). This can result in a nil dereference, and cause code to panic. The codebase may contain additional instances of the bug.

request, err := source.NewRequestWithContext(ctx, parentReq.Url,
parentReq.UrlMeta.Header)
if err != nil {
log.Errorf("generate url [%v] request error: %v", request.URL, err)
span.RecordError(err)
return err
}

Eve is a malicious actor operating a peer machine. She sends a dfdaemonv1.DownRequest request to her peer Alice. Alice’s machine receives the request, resolves a nil variable in the server.Download method, and panics.

References

Code Behaviors & Features

Detect and mitigate CVE-2025-59351 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →