AI description
CVE-2025-22874 affects the crypto/x509 package of Google Go, specifically the VerifyOptions.KeyUsages field. The vulnerability is improper certificate validation: calling Verify with a KeyUsages value that contains ExtKeyUsageAny unintentionally disabled policy validation, which can impact integrity. It can be exploited remotely without authentication, though exploitation is considered difficult. The vulnerability is addressed in versions 1.23.10 and 1.24.4 of Google Go.
- Description
- Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
- Source
- security@golang.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity
- HIGH
- Hype score
- Not currently trending
CVE-2025-22874 Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabled policy validation. This only affected certificate chains which cont… https://t.co/sexQtE8WCO
@CVEnew
11 Jun 2025
🚀 URGENT: #openSUSE Leap 15.6 patches critical #GoLang vulnerabilities (CVE-2025-22874, CVE-2025-0913, CVE-2025-4673). 🔐 Impacts: ✔ Certificate validation bypass ✔ HTTP header leaks ✔ Permission flaws Read more: 👇 https://t.co/tD2CaU1AV8 https://t.co/GCarji7v1R
@Cezar_H_Linux
10 Jun 2025
#Mageia9 patches 3 Golang CVEs: ✅ Proxy-Auth header leaks (CVE-2025-4673) ✅ Symlink handling flaws (CVE-2025-0913) ✅ x509 policy bypass (CVE-2025-22874) Read more: 👉 https://t.co/6AmFFJ5tkT #DevSecOps https://t.co/hzSlkXsB2B
@Cezar_H_Linux
10 Jun 2025
🎆 Go 1.24.4 and 1.23.10 are released! 🔐 Security: Includes security fixes for CVE-2025-4673, CVE-2025-0913, and CVE-2025-22874 in net/http, os, and crypto/x509. 📰 Announcement: https://t.co/C3AeYy8ZX8 📦 Download: https://t.co/5hObjouLtK #golang https://t.co/NyEeP3
@golang
5 Jun 2025