CVE-2025-65637: n/a
A denial-of-service vulnerability exists in github.com/sirupsen/logrus when using Entry.Writer() to log a single-line payload larger than 64KB without newline characters. Due to limitations in the internal bufio.Scanner, the read fails with "token too long" and the writer pipe is closed, leaving Writer() unusable and causing application unavailability (DoS). This affects versions < 1.8.3, 1.9.0, and 1.9.2. The issue is fixed in 1.8.3, 1.9.1, and 1.9.3+, where the input is chunked and the writer continues to function even if an error is logged.
AI Analysis
Technical Summary
CVE-2025-65637 is a denial-of-service vulnerability in logrus, a structured logging library widely used in Go applications. Entry.Writer() (and the level-specific WriterLevel()) returns an *io.PipeWriter whose read end is drained by a background goroutine using Go's bufio.Scanner; each scanned line becomes one log entry. bufio.Scanner's default token limit is bufio.MaxScanTokenSize (64 KiB), so a single line of 64 KiB or more that contains no newline cannot be tokenised: Scan() fails with "token too long", the goroutine reports the error and closes the pipe, and every subsequent Write to that writer returns io.ErrClosedPipe. Nothing written through that writer is logged again for the lifetime of the process (a fresh Writer() call creates a new pipe, but the consumers already wired up keep holding the dead one). Whether this is only lost telemetry or full unavailability depends on the consumer: Go's standard log.Logger, the usual thing attached to Writer(), silently discards write errors, so logging simply stops; code that treats a failed log write as fatal goes down with it. Affected versions are every release before 1.8.3, plus 1.9.0 and 1.9.2; the fix shipped in 1.8.3, 1.9.1 and 1.9.3 and later, which read the input in chunks so the writer keeps working even when an over-long line is reported as an error. A CVSS v3.1 base score of 7.5 is given for the issue (network attack vector, no privileges or user interaction, high availability impact); the CVE record itself carries no CVSS vector (see Technical Details), so treat that score as an assessment rather than an assigned value. No exploitation has been reported. The exposure is real wherever attacker-influenced data reaches a Writer() as a single line, for example request data copied into an error message written through it, because the trigger is nothing more than a long string without a newline.
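The following is an added example written for this page, not code from logrus, that reproduces the mechanism above using only the Go standard library. scannerWriter mirrors the pre-fix pattern (a pipe drained by bufio.Scanner); chunkedWriter shows one stdlib way to obtain the property the fixed releases have, namely that an over-long line arrives in pieces instead of killing the reader. Sink, WriterFactory, Result and runScenario are names introduced here, the 70,000-byte payload is constructed, and chunkedWriter is not logrus's actual patch.

```go
package main

import (
	"bufio"
	"bytes"
	"errors"
	"fmt"
	"io"
)

// Sink stands in for logrus's print function: it records each emitted line.
// Only the drain goroutine appends, and callers read Lines after it exits.
type Sink struct{ Lines []string }

func (s *Sink) Print(line string) { s.Lines = append(s.Lines, line) }

// WriterFactory returns a pipe writer plus a channel that yields the drain
// goroutine's final error once it exits.
type WriterFactory func(*Sink) (*io.PipeWriter, <-chan error)

// scannerWriter reproduces the pre-fix pattern the advisory describes: the
// pipe is drained by a bufio.Scanner whose default token limit is
// bufio.MaxScanTokenSize (64 KiB). A longer line without a newline makes
// Scan fail with bufio.ErrTooLong; the goroutine closes the read end and
// every later Write on the returned writer fails with io.ErrClosedPipe.
func scannerWriter(sink *Sink) (*io.PipeWriter, <-chan error) {
	pr, pw := io.Pipe()
	done := make(chan error, 1)
	go func() {
		sc := bufio.NewScanner(pr)
		for sc.Scan() {
			sink.Print(sc.Text())
		}
		err := sc.Err()
		pr.Close() // from here on the writer is dead
		done <- err
	}()
	return pw, done
}

// chunkedWriter is a hardened stand-in (not logrus's own fix): it drains the
// pipe with bufio.Reader.ReadLine, which returns an over-long line in
// buffer-sized pieces instead of an error, so the goroutine keeps running
// and later writes are still logged.
func chunkedWriter(sink *Sink) (*io.PipeWriter, <-chan error) {
	pr, pw := io.Pipe()
	done := make(chan error, 1)
	go func() {
		br := bufio.NewReaderSize(pr, bufio.MaxScanTokenSize)
		for {
			piece, _, err := br.ReadLine() // at most 64 KiB per call
			if len(piece) > 0 {
				sink.Print(string(piece))
			}
			if err != nil {
				if errors.Is(err, io.EOF) {
					err = nil // writer closed normally
				}
				done <- err
				return
			}
		}
	}()
	return pw, done
}

// Result records what happened to the two writes and what got logged.
type Result struct {
	Lines     []string
	FirstErr  error // writing the oversized line
	SecondErr error // writing a normal line afterwards
	ReaderErr error // what the drain goroutine exited with
}

// runScenario writes a constructed 70,000-byte single line and then a
// normal line through the writer under test, then closes it and waits.
func runScenario(newWriter WriterFactory) Result {
	sink := &Sink{}
	w, done := newWriter(sink)
	oversized := append(bytes.Repeat([]byte("A"), 70000), '\n')
	_, firstErr := w.Write(oversized)
	_, secondErr := w.Write([]byte("second line\n"))
	w.Close() // EOF for the drain goroutine
	readerErr := <-done
	return Result{Lines: sink.Lines, FirstErr: firstErr, SecondErr: secondErr, ReaderErr: readerErr}
}

func main() {
	for _, v := range []struct {
		name string
		f    WriterFactory
	}{{"scanner", scannerWriter}, {"chunked", chunkedWriter}} {
		r := runScenario(v.f)
		fmt.Printf("%-7s logged=%d first=%v second=%v reader=%v\n",
			v.name, len(r.Lines), r.FirstErr, r.SecondErr, r.ReaderErr)
	}
}
```

Running it prints one summary line per variant: the scanner variant logs nothing and both writes come back with io.ErrClosedPipe, the chunked variant logs three lines (two pieces of the long one, then the normal one). The failing second write is the whole vulnerability: a real service holds that *io.PipeWriter inside a log.Logger or an http.Server.ErrorLog and never creates another one.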
Potential Impact
The primary impact of CVE-2025-65637 is denial-of-service: loss of the logging channel and, depending on how the application reacts to failed log writes, unavailability. For European organisations this can disrupt critical services built on Go applications that pin vulnerable logrus versions; finance, healthcare, telecommunications and public-sector operators that depend on logging for auditing and monitoring would experience it as operational interruption. The security-relevant consequence is that the application goes blind: one oversized message is enough to stop it recording anything further through that writer, which hinders detection, incident response and forensic reconstruction of whatever the attacker does next. Because the trigger needs neither authentication nor user interaction, an exposed service that writes user-supplied or external data through Entry.Writer() as a single line can be silenced or taken offline remotely. That translates into downtime, loss of customer trust and possible obligations under frameworks such as GDPR, whose security requirements include the availability and resilience of processing systems. Denial-of-service conditions of this kind also serve as a stage in multi-step attacks, distracting operators or disabling defences before the main action.
Mitigation Recommendations
European organisations should first inventory exposure: every Go service that depends on github.com/sirupsen/logrus at any version below 1.8.3, or at exactly 1.9.0 or 1.9.2, is affected. Running go list -m all in each module shows the resolved logrus version, including transitive pulls, and govulncheck ./... will flag reachable uses once the Go vulnerability database carries the advisory. The fix is to upgrade to 1.8.3, 1.9.1 or 1.9.3 and later, where the reader chunks its input instead of failing. Where an upgrade must wait, stop feeding attacker-influenced data to Entry.Writer() as unbounded single lines: cap the length of fields that end up in log messages, or place an io.Writer shim in front of the pipe writer that breaks any line of 64 KiB or more into shorter lines before it reaches logrus. Generic input validation or network rate limiting is weaker here, since a single request suffices and the long string need not look malicious. For detection, alert on the error entry logrus emits for this failure (its text contains "token too long"), which appears once before the pipe closes, and on a logging source that abruptly goes silent while the service keeps serving traffic. Keep a fallback logging path that does not depend on the pipe (for instance the logger's own Out, or a separate sink for security-relevant events), and review logging configuration so that untrusted or user-controlled data is never written through Writer() without a length bound.
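For the interim shim mentioned above, here is an added example (not logrus code): lineChunker is a hypothetical io.Writer wrapper that breaks any line of 64 KiB or more into shorter lines before forwarding, tracking line length across Write calls. ChunkThenScan pushes a constructed payload through it and reads the result back with a default bufio.Scanner, the same reader type the vulnerable versions use, to confirm the scanner no longer fails. All names are introduced here.

```go
package main

import (
	"bufio"
	"bytes"
	"fmt"
	"io"
)

// lineChunker is a hypothetical application-side shim (not part of logrus).
// It sits in front of a writer that cannot handle lines of 64 KiB or more
// and splits longer lines into several shorter ones. Line length is tracked
// across Write calls, so a line delivered in pieces is handled too.
type lineChunker struct {
	w      io.Writer
	limit  int // maximum line length in bytes, newline excluded
	inLine int // bytes of the current, not yet terminated line already forwarded
}

// NewLineChunker wraps w. A limit <= 0 selects bufio.MaxScanTokenSize-1,
// the longest line a default bufio.Scanner can still return (its 64 KiB
// buffer must also hold the newline).
func NewLineChunker(w io.Writer, limit int) io.Writer {
	if limit <= 0 {
		limit = bufio.MaxScanTokenSize - 1
	}
	return &lineChunker{w: w, limit: limit}
}

// Write forwards p, inserting a newline whenever the current line would
// otherwise grow past limit. n counts consumed input bytes only.
func (c *lineChunker) Write(p []byte) (n int, err error) {
	for len(p) > 0 {
		if p[0] == '\n' { // caller's own line end: forward and reset
			if _, err = c.w.Write(p[:1]); err != nil {
				return n, err
			}
			c.inLine = 0
			p, n = p[1:], n+1
			continue
		}
		run := len(p) // run of non-newline bytes at the front of p
		if i := bytes.IndexByte(p, '\n'); i >= 0 {
			run = i
		}
		if room := c.limit - c.inLine; room == 0 {
			// current line is full: terminate it and start a new one
			if _, err = c.w.Write([]byte{'\n'}); err != nil {
				return n, err
			}
			c.inLine = 0
			continue
		} else if run > room {
			run = room
		}
		if _, err = c.w.Write(p[:run]); err != nil {
			return n, err
		}
		c.inLine += run
		p, n = p[run:], n+run
	}
	return n, nil
}

// ChunkThenScan pushes input through the shim into a buffer and reads the
// result back with a default bufio.Scanner, the reader type the vulnerable
// logrus versions use. It returns the lines the scanner produced and the
// scanner's final error (nil means it consumed everything).
func ChunkThenScan(input []byte, limit int) ([]string, error) {
	var buf bytes.Buffer
	if _, err := NewLineChunker(&buf, limit).Write(input); err != nil {
		return nil, err
	}
	sc := bufio.NewScanner(&buf)
	var lines []string
	for sc.Scan() {
		lines = append(lines, sc.Text())
	}
	return lines, sc.Err()
}

func main() {
	// Constructed payload: a 70,000-byte line with no newline, then a normal line.
	payload := append(bytes.Repeat([]byte("A"), 70000), "\nsecond line\n"...)

	// Without the shim a default scanner gives up on the first line.
	sc := bufio.NewScanner(bytes.NewReader(payload))
	for sc.Scan() {
	}
	fmt.Println("unwrapped scanner error:", sc.Err())

	lines, err := ChunkThenScan(payload, 0)
	fmt.Printf("through shim: %d lines, error=%v\n", len(lines), err)
	for i, l := range lines {
		fmt.Printf("  line %d: %d bytes\n", i, len(l))
	}
}
```

Wrap the pipe writer once at setup, for example log.New(NewLineChunker(logger.Writer(), 0), "", 0), and hand that logger to whatever needs one. The chunk boundaries are arbitrary, so consumers that parse log lines should expect an over-long message to arrive as several entries; that is still far better than losing all subsequent log output.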
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Italy, Spain, Poland, Belgium, Finland
Technical Details
- Data Version: 5.2
- Assigner Short Name: mitre
- Date Reserved: 2025-11-18T00:00:00.000Z
- CVSS Version: null (no CVSS vector is published in the CVE record)
- State: PUBLISHED
Threat ID: 6931d56de9ea8245265c6745
Added to database: 12/4/2025, 6:39:41 PM
Last enriched: 12/11/2025, 10:01:24 PM
Last updated: 1/18/2026, 1:42:39 PM