Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-22874

Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

Published

2025-06-11T17:15:42.167

Last Modified

2025-06-12T16:06:20.180

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

Weaknesses

Affected Vendors & Products

References

https://go.dev/cl/670375 ([email protected])
https://go.dev/issue/73612 ([email protected])
https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A ([email protected])
https://pkg.go.dev/vuln/GO-2025-3749 ([email protected])