CVE-2025-22868: golang.org/x/oauth2 Improper Validation of Syntactic Correctness of Input vulnerability

July 18, 2025

An attacker can pass a malicious malformed token which causes unexpected memory to be consumed during parsing.

References

github.com/advisories/GHSA-6v2p-p543-phr9
go.dev/cl/652155
go.dev/issue/71490
nvd.nist.gov/vuln/detail/CVE-2025-22868
pkg.go.dev/vuln/GO-2025-3488

Code Behaviors & Features

Detect and mitigate CVE-2025-22868 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →