VDB

CVE-2025-47910

CVE-2025-47910 PUBLISHED

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.

EPSS 0.01% · 2.0th percentile

Risk Scores

EPSS Score
0.01%
2.0th percentile

Affected Products

VendorProductVersions
Bitnamigolang1.25.0
Bitnamigolang1.25.0

Timeline

  • CVE Published
  • Sep 23, 2025 EPSS Score
  • Sep 30, 2025 EPSS Score
  • Oct 4, 2025 Coalition ESS Score
  • Oct 6, 2025 Coalition ESS Score
  • Oct 7, 2025 EPSS Score
  • Oct 14, 2025 EPSS Score
  • Oct 20, 2025 EPSS Score
  • Oct 27, 2025 EPSS Score
  • Nov 3, 2025 EPSS Score
  • Nov 10, 2025 EPSS Score
  • Nov 16, 2025 Coalition ESS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›