VDB
CVE-2025-47910
CVE-2025-47910
PUBLISHED
When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.
EPSS 0.01% · 2.0th percentile
Risk Scores
EPSS Score
0.01%
2.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | golang | 1.25.0 |
| Bitnami | golang | 1.25.0 |
Timeline
- CVE Published
- Sep 23, 2025 EPSS Score
- Sep 30, 2025 EPSS Score
- Oct 4, 2025 Coalition ESS Score
- Oct 6, 2025 Coalition ESS Score
- Oct 7, 2025 EPSS Score
- Oct 14, 2025 EPSS Score
- Oct 20, 2025 EPSS Score
- Oct 27, 2025 EPSS Score
- Nov 3, 2025 EPSS Score
- Nov 10, 2025 EPSS Score
- Nov 16, 2025 Coalition ESS Score