ByteOS Network

NVD Vulnerability Details :

CVE-2025-61730

Analyzed

Source-security@golang.org

Published At-28 Jan, 2026 | 20:16

Updated At-03 Feb, 2026 | 20:36

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Type: Secondary

Version: 3.1

Base score: 5.3

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CPE Matches

>>go>>Versions before 1.24.12(exclusive)

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

>>go>>Versions from 1.25.0(inclusive) to 1.25.6(exclusive)

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-noinfo	Primary	nvd@nist.gov

CWE ID: NVD-CWE-noinfo

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
https://go.dev/cl/724120	security@golang.org	Patch
https://go.dev/issue/76443	security@golang.org	Patch
https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc	security@golang.org	Release Notes
https://pkg.go.dev/vuln/GO-2026-4340	security@golang.org	Vendor Advisory

Hyperlink: https://go.dev/cl/724120

Source: security@golang.org

Resource:

Patch

Hyperlink: https://go.dev/issue/76443

Source: security@golang.org

Resource:

Patch

Hyperlink: https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc

Source: security@golang.org

Resource:

Release Notes

Hyperlink: https://pkg.go.dev/vuln/GO-2026-4340

Source: security@golang.org

Resource:

Vendor Advisory

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History