- Description
- Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
- Source
- security@golang.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
- Hype score
- Not currently trending
CVE-2025-22874 Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which cont⦠https://t.co/sexQtE8WCO
@CVEnew
11 Jun 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
π URGENT: #openSUSE Leap 15.6 patches critical #GoLang vulnerabilities (CVE-2025-22874, CVE-2025-0913, CVE-2025-4673). π Impacts: β Certificate validation bypass β HTTP header leaks β Permission flaws Read more : πhttps://t.co/tD2CaU1AV8 https://t.co/GCarji7v1R
@Cezar_H_Linux
10 Jun 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Mageia9 patches 3 Golang CVEs: β Proxy-Auth header leaks (CVE-2025-4673) β Symlink handling flaws (CVE-2025-0913) β x509 policy bypass (CVE-2025-22874) Read more: π https://t.co/6AmFFJ5tkT #DevSecOps https://t.co/hzSlkXsB2B
@Cezar_H_Linux
10 Jun 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
π Go 1.24.4 and 1.23.10 are released! π Security: Includes security fixes for CVE-2025-4673, CVE-2025-0913, and CVE-2025-22874 in net/http, os, and crypto/x509. π° Announcement: https://t.co/C3AeYy8ZX8 π¦ Download: https://t.co/5hObjouLtK #golang https://t.co/NyEeP3
@golang
5 Jun 2025
18043 Impressions
101 Retweets
443 Likes
26 Bookmarks
4 Replies
4 Quotes