CVE-2025-61730

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score

6.2 / 10

Vector String

                                        CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N                                    

Vulnerability Description

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

Vulnerability Details

Published Date

January 28, 2026

Last Modified

February 03, 2026

CWE ID

NVD-CWE-noinfo

Source

NVD

Vendor

Go standard library

Product

crypto/tls

External References

https://go.dev/cl/724120
https://go.dev/issue/76443
https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc
https://pkg.go.dev/vuln/GO-2026-4340

CVE-2025-61730

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment