CVE-2025-58189

Summary

When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped.

Affected Software

VendorProductVersion RangeStatus
Go standard librarycrypto/tls0 < 1.24.8affected
Go standard librarycrypto/tls1.25.0 < 1.25.2affected

Weaknesses

  • CWE-117: Improper Output Neutralization for Logs

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

CVE Program Container

Additional References

References