Vulnerability Report: GO-2025-3656
- CVE-2025-32777, GHSA-hg79-fw4p-25p8
- Affects: volcano.sh/volcano
- Published: May 06, 2025
- Unreviewed
Volcano Scheduler Denial of Service via Unbounded Response from Elastic Service/extender Plugin in volcano.sh/volcano
For detailed information about this vulnerability, visit https://github.com/volcano-sh/volcano/security/advisories/GHSA-hg79-fw4p-25p8 or https://nvd.nist.gov/vuln/detail/CVE-2025-32777.
Affected Modules
-
PathGo Versions
-
before v1.9.1, from v1.10.0-alpha.0 before v1.10.2, from v1.11.0-network-topology-preview.0 before v1.11.0-network-topology-preview.3, from v1.11.0 before v1.11.2, from v1.12.0-alpha.0 before v1.12.0-alpha.2
Aliases
References
- https://github.com/volcano-sh/volcano/security/advisories/GHSA-hg79-fw4p-25p8
- https://nvd.nist.gov/vuln/detail/CVE-2025-32777
- https://github.com/volcano-sh/volcano/commit/45a4347471a5254121d10afef04c6732095fa398
- https://github.com/volcano-sh/volcano/commit/7103c18de19821cd278f949fa24c13da350a8c5d
- https://github.com/volcano-sh/volcano/commit/735842af59b9be0da5090677db7693c98a798b2a
- https://github.com/volcano-sh/volcano/commit/7c0ea53fa3cfa7a05b5fba7a8af7bfe88adc41c3
- https://github.com/volcano-sh/volcano/commit/d687f75a11fa36f37b54e4b6ff8e49bc0a3ca6b4
- https://github.com/volcano-sh/volcano/releases/tag/v1.10.2
- https://github.com/volcano-sh/volcano/releases/tag/v1.11.0-network-topology-preview.3
- https://github.com/volcano-sh/volcano/releases/tag/v1.11.2
- https://github.com/volcano-sh/volcano/releases/tag/v1.12.0-alpha.2
- https://github.com/volcano-sh/volcano/releases/tag/v1.9.1
- https://vuln.go.dev/ID/GO-2025-3656.json
Feedback
This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.
See anything missing or incorrect?
Suggest an edit to this report.