CVE-2025-25199: go-crypto-winnative BCryptGenerateSymmetricKey memory leak
Calls to cng.TLS1PRF
don’t release the key handle, producing a small memory leak every time.
References
Detect and mitigate CVE-2025-25199 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →