VDB
DEBIAN-CVE-2025-61727
DEBIAN-CVE-2025-61727
PUBLISHED
CVSS 6.5 MEDIUM
An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.
Risk Scores
CVSS 3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | golang-1.19 | 1.19.10-1, 1.19.10-2, 1.19.11-1 |
| Debian:14 | golang-1.25 | 1.25.0-2, 0, 1.25.0-1 |
| Debian:13 | golang-1.24 | 1.24.12-1, 1.24.13-1, 1.24.13-2 |
| Debian:11 | golang-1.15 | 1.15.15-1, 1.15.15-1, 1.15.15-1 |
Exploit Intelligence
- dns_name.rs (github-poc)
- tmp_audit.json (github-poc)
- 4628.1.0.yml (github-poc)
- 2026.xml (github-poc)
- 2026.xml (github-poc)
Timeline
- Dec 3, 2025 CVE Published
- Apr 28, 2026 CVE Updated