CVE-2025-68121

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-68121
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68121.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-68121
Aliases
Downstream
Related
Published
2026-02-05T18:16:10.857Z
Modified
2026-02-12T01:13:49.302539Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

References

Affected packages

Git / github.com/golang/go

Affected ranges

Type
GIT
Repo
https://github.com/golang/go
Events
Fixed
96e4e2b1616c3c59577d48abcf2823bf1fdcd2e2
Introduced
6e676ab2b809d46623acb5988248d95d1eb7939c
Fixed
eaf3bc799a221cc375f188e8699c9330c1caf40a

Affected versions

go1.*
go1.25.0
go1.25.1
go1.25.2
go1.25.3
go1.25.4
go1.25.5
go1.25.6

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68121.json"