CVE-2025-68121 (GCVE-0-2025-68121)

Vulnerability from cvelistv5 – Published: 2026-02-05 17:48 – Updated: 2026-04-29 13:29
VLAI
Title
Unexpected session resumption in crypto/tls
Summary
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
Severity
9.1 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CWE
  • CWE-295 - Improper Certificate Validation
Assigner
Go
References
Impacted products
Vendor Product Version
Go standard library crypto/tls Affected: 0 , < 1.24.13 (semver)
Affected: 1.25.0-0 , < 1.25.7 (semver)
Affected: 1.26.0-rc.1 , < 1.26.0-rc.3 (semver)
Create a notification for this product.
Credits
Coia Prant (github.com/rbqvq) Go Security Team
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 9.1,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2025-68121",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-04-29T03:55:46.305385Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-295",
                "description": "CWE-295 Improper Certificate Validation",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-04-29T13:29:25.582Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://pkg.go.dev",
          "defaultStatus": "unaffected",
          "packageName": "crypto/tls",
          "product": "crypto/tls",
          "programRoutines": [
            {
              "name": "Conn.handshakeContext"
            },
            {
              "name": "Conn.Handshake"
            },
            {
              "name": "Conn.HandshakeContext"
            },
            {
              "name": "Conn.Read"
            },
            {
              "name": "Conn.Write"
            },
            {
              "name": "Dial"
            },
            {
              "name": "DialWithDialer"
            },
            {
              "name": "Dialer.Dial"
            },
            {
              "name": "Dialer.DialContext"
            },
            {
              "name": "QUICConn.Start"
            }
          ],
          "vendor": "Go standard library",
          "versions": [
            {
              "lessThan": "1.24.13",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.25.7",
              "status": "affected",
              "version": "1.25.0-0",
              "versionType": "semver"
            },
            {
              "lessThan": "1.26.0-rc.3",
              "status": "affected",
              "version": "1.26.0-rc.1",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Coia Prant (github.com/rbqvq)"
        },
        {
          "lang": "en",
          "value": "Go Security Team"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-02-05T17:48:44.141Z",
        "orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
        "shortName": "Go"
      },
      "references": [
        {
          "url": "https://groups.google.com/g/golang-announce/c/K09ubi9FQFk"
        },
        {
          "url": "https://go.dev/cl/737700"
        },
        {
          "url": "https://go.dev/issue/77217"
        },
        {
          "url": "https://pkg.go.dev/vuln/GO-2026-4337"
        }
      ],
      "title": "Unexpected session resumption in crypto/tls"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
    "assignerShortName": "Go",
    "cveId": "CVE-2025-68121",
    "datePublished": "2026-02-05T17:48:44.141Z",
    "dateReserved": "2025-12-15T16:48:04.451Z",
    "dateUpdated": "2026-04-29T13:29:25.582Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-68121",
      "date": "2026-05-26",
      "epss": "0.00018",
      "percentile": "0.04798"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-68121\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2026-02-05T18:16:10.857\",\"lastModified\":\"2026-04-29T14:16:16.170\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.\"},{\"lang\":\"es\",\"value\":\"Durante la reanudaci\u00f3n de la sesi\u00f3n en crypto/tls, si la Config subyacente tiene sus campos ClientCAs o RootCAs mutados entre el handshake inicial y el handshake reanudado, el handshake reanudado puede tener \u00e9xito cuando deber\u00eda haber fallado. Esto puede ocurrir cuando un usuario llama a Config.Clone y muta la Config devuelta, o usa Config.GetConfigForClient. Esto puede hacer que un cliente reanude una sesi\u00f3n con un servidor con el que no la habr\u00eda reanudado durante el handshake inicial, o hacer que un servidor reanude una sesi\u00f3n con un cliente con el que no la habr\u00eda reanudado durante el handshake inicial.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":10.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":6.0},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":5.2}]},\"weaknesses\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-295\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.24.13\",\"matchCriteriaId\":\"9FEE539A-EDC2-4044-A38C-5A0FDF567509\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.25.0\",\"versionEndExcluding\":\"1.25.7\",\"matchCriteriaId\":\"B275853C-E253-485B-B469-31D1A7383965\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.26.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"E529A0EC-B944-4E2F-B26A-2A9F31AFF240\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:golang:go:1.26.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"553D6D90-140E-4A54-86A3-00E66AC30F3C\"}]}]}],\"references\":[{\"url\":\"https://go.dev/cl/737700\",\"source\":\"security@golang.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://go.dev/issue/77217\",\"source\":\"security@golang.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://groups.google.com/g/golang-announce/c/K09ubi9FQFk\",\"source\":\"security@golang.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pkg.go.dev/vuln/GO-2026-4337\",\"source\":\"security@golang.org\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-68121\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-29T03:55:46.305385Z\"}}}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-295\", \"description\": \"CWE-295 Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-02-06T15:32:38.457Z\"}}], \"cna\": {\"title\": \"Unexpected session resumption in crypto/tls\", \"credits\": [{\"lang\": \"en\", \"value\": \"Coia Prant (github.com/rbqvq)\"}, {\"lang\": \"en\", \"value\": \"Go Security Team\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"crypto/tls\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.24.13\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.25.0-0\", \"lessThan\": \"1.25.7\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.26.0-rc.1\", \"lessThan\": \"1.26.0-rc.3\", \"versionType\": \"semver\"}], \"packageName\": \"crypto/tls\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Conn.handshakeContext\"}, {\"name\": \"Conn.Handshake\"}, {\"name\": \"Conn.HandshakeContext\"}, {\"name\": \"Conn.Read\"}, {\"name\": \"Conn.Write\"}, {\"name\": \"Dial\"}, {\"name\": \"DialWithDialer\"}, {\"name\": \"Dialer.Dial\"}, {\"name\": \"Dialer.DialContext\"}, {\"name\": \"QUICConn.Start\"}]}], \"references\": [{\"url\": \"https://groups.google.com/g/golang-announce/c/K09ubi9FQFk\"}, {\"url\": \"https://go.dev/cl/737700\"}, {\"url\": \"https://go.dev/issue/77217\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2026-4337\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-295: Improper Certificate Validation\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2026-02-05T17:48:44.141Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-68121\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-29T13:29:25.582Z\", \"dateReserved\": \"2025-12-15T16:48:04.451Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2026-02-05T17:48:44.141Z\", \"assignerShortName\": \"Go\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.