tag: Go · 1 items
- Engineer — Plan: If your Go codebase depends on github.com/cloudflare/circl and uses the FourQ elliptic curve (key exchange or signatures), audit that usage and schedule an upgrade; EPSS is 0.00 and no KEV listing, but a public PoC exists and cryptographic correctness flaws can enable key-recovery or signature-forgery scenarios.
- SOC/IR — Skip
- Leader — Skip
- Signals: CVE-2025-8556 — CISA KEV: not listed, EPSS 0.00, public PoC on GitHub