PT-2025-14376 · Go+8 · Go+8
Published
2025-01-01
·
Updated
2026-05-27
·
CVE-2025-22871
CVSS v3.1
9.8
Critical
| Base vector | Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Go versions 1.23 through 1.23.7
Go versions 1.24 through 1.24.1
Description
The issue concerns a security fix for the net/http package.
Recommendations
For Go versions 1.23 through 1.23.7, update to version 1.23.8.
For Go versions 1.24 through 1.24.1, update to version 1.24.2.
Fix
HTTP Request/Response Smuggling
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
ALSA-2025:12831
ALSA-2025:12850
ALSA-2025:8476
ALSA-2025:8477
ALSA-2025:8478
ALSA-2025:8666
ALSA-2025:8667
ALSA-2025:8682
ALSA-2025:8915
ALSA-2025:8916
ALSA-2025:8918
ALSA-2025:9060
ALSA-2025:9063
ALSA-2025:9106
ALSA-2025:9142
ALSA-2025:9143
ALSA-2025:9144
ALSA-2025:9145
ALSA-2025:9146
ALSA-2025:9147
ALSA-2025:9148
ALSA-2025:9149
ALSA-2025:9150
ALSA-2025:9151
ALSA-2025:9156
ALSA-2025:9317
ALSA-2025:9623
ALSA-2025:9634
ALSA-2025:9635
ALSA-2025:9844
ALSA-2025:9845
ALT-PU-2025-10791
ALT-PU-2025-5056
ALT-PU-2025-5091
ALT-PU-2025-6549
AZL-59652
AZL-59656
AZL-59666
AZL-78982
BDU:2025-04014
BIT-GOLANG-2025-22871
CESA-2025_8478
CESA-2025_8667
CESA-2025_8918
CESA-2025_9060
CESA-2025_9142
CESA-2025_9844
CESA-2025_9845
CLEANSTART-2026-BQ46815
CLEANSTART-2026-BT39952
CLEANSTART-2026-CR41732
CLEANSTART-2026-DV06422
CLEANSTART-2026-EE52954
CLEANSTART-2026-FU47971
CLEANSTART-2026-IA37596
CLEANSTART-2026-JT73156
CLEANSTART-2026-KK99760
CLEANSTART-2026-ME47927
CLEANSTART-2026-OJ41940
CLEANSTART-2026-PA85871
CLEANSTART-2026-PG91940
CLEANSTART-2026-SB25660
CLEANSTART-2026-SO16176
CLEANSTART-2026-VU62737
CVE-2025-22871
ECHO-80A7-4B2D-05E0
GHSA-5423-JCJM-2GPV
GHSA-6JQF-MV7M-3Q7P
GHSA-G9PC-8G42-G6VQ
GO-2025-3563
GO-2025-3627
GO-2025-4118
INFSA-2025_12831
INFSA-2025_8476
INFSA-2025_8478
INFSA-2025_8667
INFSA-2025_8682
INFSA-2025_8916
INFSA-2025_8918
INFSA-2025_9060
INFSA-2025_9106
INFSA-2025_9142
INFSA-2025_9143
INFSA-2025_9144
INFSA-2025_9145
INFSA-2025_9147
INFSA-2025_9150
INFSA-2025_9634
INFSA-2025_9635
INFSA-2025_9844
INFSA-2025_9845
MGASA-2025-0175
OESA-2025-2307
OESA-2025-2308
OESA-2025-2309
OPENSUSE-SU-2025:14962-1
OPENSUSE-SU-2025:14963-1
OPENSUSE-SU-2025:14978-1
OPENSUSE-SU-2025:15029-1
OPENSUSE-SU-2025:15305-1
OPENSUSE-SU-2025:15352-1
OPENSUSE-SU-2025_1141-1
OPENSUSE-SU-2025_1153-1
RHSA-2025:10271
RHSA-2025:10291
RHSA-2025:10295
RHSA-2025:10768
RHSA-2025:10782
RHSA-2025:11352
RHSA-2025:11678
RHSA-2025:11682
RHSA-2025:12831
RHSA-2025:12850
RHSA-2025:15291
RHSA-2025:21328
RHSA-2025:8476
RHSA-2025:8477
RHSA-2025:8478
RHSA-2025:8539
RHSA-2025:8601
RHSA-2025:8632
RHSA-2025:8633
RHSA-2025:8634
RHSA-2025:8665
RHSA-2025:8666
RHSA-2025:8667
RHSA-2025:8680
RHSA-2025:8682
RHSA-2025:8685
RHSA-2025:8689
RHSA-2025:8737
RHSA-2025:8915
RHSA-2025:8916
RHSA-2025:8918
RHSA-2025:8974
RHSA-2025:8975
RHSA-2025:8982
RHSA-2025:8983
RHSA-2025:8984
RHSA-2025:9017
RHSA-2025:9018
RHSA-2025:9019
RHSA-2025:9020
RHSA-2025:9025
RHSA-2025:9043
RHSA-2025:9059
RHSA-2025:9060
RHSA-2025:9061
RHSA-2025:9062
RHSA-2025:9063
RHSA-2025:9064
RHSA-2025:9065
RHSA-2025:9067
RHSA-2025:9069
RHSA-2025:9070
RHSA-2025:9078
RHSA-2025:9106
RHSA-2025:9142
RHSA-2025:9143
RHSA-2025:9144
RHSA-2025:9145
RHSA-2025:9146
RHSA-2025:9147
RHSA-2025:9148
RHSA-2025:9149
RHSA-2025:9150
RHSA-2025:9151
RHSA-2025:9156
RHSA-2025:9172
RHSA-2025:9177
RHSA-2025:9199
RHSA-2025:9200
RHSA-2025:9205
RHSA-2025:9206
RHSA-2025:9207
RHSA-2025:9279
RHSA-2025:9311
RHSA-2025:9312
RHSA-2025:9313
RHSA-2025:9317
RHSA-2025:9319
RHSA-2025:9623
RHSA-2025:9634
RHSA-2025:9635
RHSA-2025:9637
RHSA-2025:9638
RHSA-2025:9639
RHSA-2025:9640
RHSA-2025:9641
RHSA-2025:9642
RHSA-2025:9711
RHSA-2025:9712
RHSA-2025:9713
RHSA-2025:9714
RHSA-2025:9715
RHSA-2025:9756
RHSA-2025:9844
RHSA-2025:9845
RHSA-2025:9975
RHSA-2025:9986
RHSA-2025_12831
RHSA-2025_8476
RHSA-2025_8478
RHSA-2025_8667
RHSA-2025_8682
RHSA-2025_8916
RHSA-2025_8918
RHSA-2025_9060
RHSA-2025_9106
RHSA-2025_9142
RHSA-2025_9143
RHSA-2025_9144
RHSA-2025_9145
RHSA-2025_9147
RHSA-2025_9150
RHSA-2025_9634
RHSA-2025_9635
RHSA-2025_9844
RHSA-2025_9845
SUSE-SU-2025:01731-1
SUSE-SU-2025:03159-1
SUSE-SU-2025:1141-1
SUSE-SU-2025:1153-1
SUSE-SU-2025_03159-1
SUSE-SU-2025_1141-1
SUSE-SU-2025_1153-1
Affected Products
Alt Linux
Almalinux
Centos
Debian
Go
Red Hat
Red Os
Rocky Linux
Suse
References · 409
- https://osv.dev/vulnerability/ALSA-2025:9144 · Vendor Advisory
- https://osv.dev/vulnerability/GHSA-g9pc-8g42-g6vq · Vendor Advisory
- https://errata.almalinux.org/8/ALSA-2025-9060.html · Vendor Advisory
- https://errata.rockylinux.org/RLSA-2025:9844 · Vendor Advisory
- https://osv.dev/vulnerability/ALSA-2025:8666 · Vendor Advisory
- https://osv.dev/vulnerability/ALSA-2025:9143 · Vendor Advisory
- https://osv.dev/vulnerability/GHSA-5423-jcjm-2gpv · Vendor Advisory
- https://errata.rockylinux.org/RLSA-2025:9143 · Vendor Advisory
- https://osv.dev/vulnerability/openSUSE-SU-2025:14978-1 · Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-61725 · Security Note
- https://ubuntu.com/security/CVE-2025-22871 · Vendor Advisory
- https://osv.dev/vulnerability/ALSA-2025:9147 · Vendor Advisory
- https://osv.dev/vulnerability/OESA-2025-2307 · Vendor Advisory
- https://osv.dev/vulnerability/CLEANSTART-2026-BQ46815 · Vendor Advisory
- https://errata.almalinux.org/9/ALSA-2025-9145.html · Vendor Advisory