AI description
CVE-2025-61727 refers to a security vulnerability found in Go versions 1.25.5 and 1.24.11. Specifically, an excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example, a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com. This vulnerability could allow a malicious actor to bypass intended security restrictions related to certificate validation. The issue is addressed in Go versions 1.25.5 and 1.24.11.
- Description
- An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.
- Source
- security@golang.org
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Secondary
- Base score
- 6.5
- Impact score
- 2.5
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
1
CVE-2025-61727 An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes t… https://t.co/JwusLOYNU5
@CVEnew
3 Dec 2025
163 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🎉 Go 1.25.5 and 1.24.11 are released! 🔐 Security: Includes security fixes for crypto/x509 (CVE-2025-61729, CVE-2025-61727). 🗣 Announcement: https://t.co/zG9tCI47Nf ⬇️ Download: https://t.co/d45S6FsIsY #golang https://t.co/w6hYSx5Upg
@golang
2 Dec 2025
27211 Impressions
102 Retweets
662 Likes
26 Bookmarks
12 Replies
10 Quotes