CVE-2025-53605

Published: Jul 5, 2025
Updated: Jul 8, 2025
CVE: <a href="https://nvd.nist.gov/vuln/detail/CVE-2025-53605" target="_blank" rel="noopener"> CVE-2025-53605
GHSA: <a href="https://github.com/advisories/GHSA-rxf6-323f-44fc" target="_blank" rel="noopener"> GHSA-rxf6-323f-44fc
Severity: Medium
Exploit:

The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input.