SSH servers which implement file transfer protocols are vulnerable to a denial of service attack from clients which complete the key exchange slowly, or not at all, causing pending content to be read into memory, but never transmitted.
CVE ID: CVE-2025-22869
Vendor: golang.org/x/crypto
Product: golang.org/x/crypto/ssh
EPSS Score: 0.06% (probability of being exploited)
EPSS Percentile: 15.58% (scored less or equal to compared to others)
EPSS Date: 2025-03-27 (when was this score calculated)