Vulnerability Database

313,824

Total vulnerabilities in the database

CVE-2025-61727

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

Published: Dec 3, 2025
Updated: Dec 4, 2025
CVE: CVE-2025-61727
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWEs:

CWE-295

OWASP TOP 10:

A3 - Sensitive Data Exposure

Affected Software
References

Software	From	Fixed in
golang / go	-	1.24.11
golang / go	1.25	1.25.5

https://go.dev/cl/723900
https://go.dev/issue/76442
https://groups.google.com/g/golang-announce/c/8FJoBkPddm4
https://pkg.go.dev/vuln/GO-2025-4175

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo