PT-2025-35858 · Go+3

Published: 2025-08-12 · Updated: 2026-05-21 · CVE-2025-47910

CVSS v3.1: 5.4 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Go versions prior to 1.25.1
Go versions prior to 1.24.7

Description

The AddInsecureBypassPattern method within the http.CrossOriginProtection functionality can incorrectly bypass more requests than intended. This bypass occurs because CrossOriginProtection skips validation and forwards the original request path, potentially serving it through a different handler without the expected security measures. The issue stems from improper input validation in the Go programming language. This could allow a remote attacker to circumvent existing security restrictions.

Recommendations

Upgrade to Go version 1.25.1 or later.
Upgrade to Go version 1.24.7 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-11599
BIT-GOLANG-2025-47910
CLEANSTART-2026-DS01292
CLEANSTART-2026-ER42900
CLEANSTART-2026-GZ35045
CLEANSTART-2026-OL32822
CLEANSTART-2026-SM37781
CLEANSTART-2026-YC48827
CVE-2025-47910
ECHO-4B0C-AA52-8CD0
GO-2025-3955
OPENSUSE-SU-2025:15525-1
OPENSUSE-SU-2025:15574-1
OPENSUSE-SU-2025:20157-1
RHSA-2026:7291
RHSA-2026:7385
SUSE-SU-2025:03200-1
SUSE-SU-2025:03524-1
SUSE-SU-2025:03525-1
SUSE-SU-2025:21192-1
SUSE-SU-2025:3799-1
SUSE-SU-2025_03200-1
SUSE-SU-2025_03524-1
SUSE-SU-2025_03525-1
SUSE-SU-2026:0297-1
SUSE-SU-2026:0298-1

Affected Products

Alt Linux
Go
Red Os
Suse