Description

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.

INFO

Published Date :

2025-09-22T21:01:55.440Z

Last Modified :

2025-09-24T13:29:45.405Z

Source :

Go
AFFECTED PRODUCTS

The following products are affected by CVE-2025-47910 vulnerability.

Vendors Products
Go Standard Library
  • Net\/http
Golang
  • Http2
  • Net
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-47910.

URL Resource
https://go.dev/cl/699275 cve-icon cve-icon cve-icon
https://go.dev/issue/75054 cve-icon cve-icon cve-icon
https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-47910 cve-icon
https://pkg.go.dev/vuln/GO-2025-3955 cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-47910 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact