CVE-2025-61730 — MEDIUM (5.3)

Q: How severe is CVE-2025-61730?

CVE-2025-61730 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2025-61730?

Check the references section above for vendor advisories and patch information. Affected products include: Golang Go.

Vulnerability Description

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Golang	Go	< 1.24.12

References

https://go.dev/cl/724120Patch
https://go.dev/issue/76443Patch
https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUcRelease Notes
https://pkg.go.dev/vuln/GO-2026-4340Vendor Advisory

FAQ

What is CVE-2025-61730?

CVE-2025-61730 is a vulnerability with a CVSS score of 5.3 (MEDIUM). During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages m...

How severe is CVE-2025-61730?

CVE-2025-61730 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-61730?

Check the references section above for vendor advisories and patch information. Affected products include: Golang Go.