6.5
CVE-2025-61727
- EPSS 0.27%
- Veröffentlicht 03.12.2025 19:37:15
- Zuletzt bearbeitet 18.12.2025 20:15:10
- Quelle security@golang.org
- CVE-Watchlists
- Unerledigt
Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.192 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 3.9 | 2.5 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
|
CWE-295 Improper Certificate Validation
The product does not validate, or incorrectly validates, a certificate.
Für Zugriff zu Vulnerability Intelligence ist ein VulnDex Zugang erforderlich.
https://groups.google.com/g/golang-announce/c/8FJoBkPddm4
https://go.dev/cl/723900
https://go.dev/issue/76442
https://pkg.go.dev/vuln/GO-2025-4175