CVE-2025-47910

Published Sep 22, 2025

Last updated 6 months ago

CVSS medium 5.4
SonarSource SonarQube

Overview

Description
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
Source
security@golang.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.4
Impact score
2.5
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Severity
MEDIUM

Social media

Hype score
Not currently trending

  1. 🚨 Critical update for #Fedora 42 users: node-exporter 1.10.2 patches multiple CVEs (CVE-2025-47910, 58189, etc.) - DoS, info leak, and bypass risks fixed. Read more: πŸ‘‰ https://t.co/UsvBM477A5 #Security https://t.co/FCzQ8KUX73

    @Cezar_H_Linux

    9 Feb 2026

    56 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 #Fedora 42 security alert: golang-github-projectdiscovery-mapcidr update patches 9 CVEs (CVE-2025-58058, CVE-2025-47910, etc.). Memory leaks, HTTP bypasses, and DoS flaws fixed. Critical for pentesters & cloud sec. Read more: πŸ‘‰ https://t.co/3mQ6HI7xa0 #Security https

    @Cezar_H_Linux

    31 Dec 2025

    15 Impressions

    1 Retweet

    1 Like

    1 Bookmark

    0 Replies

    0 Quotes

  3. Just published a technical breakdown of the #Fedora 42 kustomize vulnerability (CVE-2025-47910). This goes past the headline. Read more: πŸ‘‰ https://t.co/d0rDQ4dcJx #Security https://t.co/i29ZQeauww

    @Cezar_H_Linux

    31 Dec 2025

    55 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. Fedora 43 and Ubuntu 22 issue critical gdu update fixing CVE-2025-58189 (ALPN negotiation flaw) and CVE-2025-47910 (Cross-Origin Protection bypass). Users should upgrade to 5.32.0. #Vulnerability https://t.co/J9pqaxe0HP

    @threatcluster

    28 Dec 2025

    9 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. πŸ” Critical #CVE-2025-47910 patched in #Fedora 42's containernetworking-plugins. A Cross-Origin Protection bypass in net/http threatens container isolation. Read more: πŸ‘‰ https://t.co/c2uG7l3TRV #Security https://t.co/ioEIQynR8L

    @Cezar_H_Linux

    5 Oct 2025

    42 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2025-47910 When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips valid… https://t.co/sgBD1zXItV

    @CVEnew

    22 Sept 2025

    65 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🀯 Go 1.25.1 and 1.24.7 are released! πŸ” Security: Includes a security fix for net/http (CVE-2025-47910). πŸ“£ Announcement: https://t.co/PrrSaiIwW3 ⬇️ Download: https://t.co/vSrCuSS6DE #golang https://t.co/YIMM4XL0ta

    @golang

    3 Sept 2025

    23904 Impressions

    126 Retweets

    545 Likes

    28 Bookmarks

    3 Replies

    9 Quotes

References

Sources include official advisories and independent security research.