5.3

CVE-2025-61730

EPSS 0.01%
Veröffentlicht 28.01.2026 19:30:30
Zuletzt bearbeitet 03.02.2026 20:36:41
Quelle security@golang.org
CVE-Watchlists
Login
Unerledigt
Login

Handshake messages may be processed at the incorrect encryption level in crypto/tls

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 7

NVD 2 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Golang ≫ Go Version < 1.24.12

Golang ≫ Go Version >= 1.25.0 < 1.25.6

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.008

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc

Release Notes

https://go.dev/cl/724120

Patch

https://go.dev/issue/76443

Patch

https://pkg.go.dev/vuln/GO-2026-4340

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2025-61730

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-61730

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-61730

EUVD