Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-61730

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

Published

2026-01-28T20:16:09.940

Last Modified

2026-02-03T20:36:41.300

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 5.3 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	golang	go	< 1.24.12	Yes
Application	golang	go	< 1.25.6	Yes

References

https://go.dev/cl/724120 Patch ([email protected])
https://go.dev/issue/76443 Patch ([email protected])
https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc Release Notes ([email protected])
https://pkg.go.dev/vuln/GO-2026-4340 Vendor Advisory ([email protected])