Critical Vulnerability Information Vulnerability Description Title: Possible panics due to nil pointer dereference when using variables created alongside an error CVE ID: CVE-2025-59351 Severity: Moderate Affected Versions: <2.1.0 Fixed Version: 2.1.0 Impact Two instances were identified in the DragonFly codebase where the first return value of a function is dereferenced when the function returns an error, leading to a nil pointer dereference and causing a code crash. Example Code Attack Scenario A malicious user Eve sends a to Alice. Upon receiving the request, Alice's machine parses an empty variable in the server's Download method, resulting in a crash. Mitigation Upgrade to DragonFly v2.1.0 or later. Bypass Methods No effective bypass methods exist; upgrading is the only solution. References Third-party security audit conducted by Trail of Bits; full report available here. For inquiries, contact dragonfly-maintainers@googlegroups.com.