← Back

CVE-2025-61730

nvd nist
Published: Jan 28, 2026Modified: Feb 3, 2026

JSON object

Loading...
5.3
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

Affected (2)

Products: Golang: Go
Golang
1 product
Go
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Golang
Go
Before 1.24.12
Go
From 1.25.0 to 1.25.6

References (4)

Source: security@golang.org
Patch
Source: security@golang.org
Patch
Source: security@golang.org
Release Notes
Source: security@golang.org
Vendor Advisory

Timeline

No history available yet.