Home

Description

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

PUBLISHED Reserved 2025-09-30 | Published 2026-01-28 | Updated 2026-02-02 | Assigner Go

Problem types

CWE-940: Improper Verification of Source of a Communication Channel

Product status

Default status
unaffected

Any version before 1.24.12
affected

1.25.0 (semver) before 1.25.6
affected

Credits

Coia Prant (github.com/rbqvq)

References

go.dev/cl/724120

go.dev/issue/76443

groups.google.com/g/golang-announce/c/Vd2tYVM8eUc

pkg.go.dev/vuln/GO-2026-4340

cve.org (CVE-2025-61730)

nvd.nist.gov (CVE-2025-61730)

Download JSON