DEBIAN-CVE-2025-47910

DEBIAN-CVE-2025-47910 PUBLISHED CVSS 5.400000095367432 MEDIUM

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.

Risk Scores

CVSS 3.1

5.400000095367432

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Affected Products

Vendor	Product	Versions
Debian:14	golang-1.25	1.25.0-2, 1.25.0-1, 0

Exploit Intelligence

4593.2.0.yml (github-poc)

Timeline

Sep 22, 2025 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2025-47910 advisory

Open in Interactive Console →