Description

During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

INFO

Published Date :

2026-01-28T19:30:30.986Z

Last Modified :

2026-02-02T17:28:49.572Z

Source :

Go
AFFECTED PRODUCTS

The following products are affected by CVE-2025-61730 vulnerability.

Vendors Products
Go Standard Library
  • Crypto Tls
Golang
  • Go
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-61730.

URL Resource
https://go.dev/cl/724120 cve-icon cve-icon
https://go.dev/issue/76443 cve-icon cve-icon
https://groups.google.com/g/golang-announce/c/Vd2tYVM8eUc cve-icon cve-icon
https://pkg.go.dev/vuln/GO-2026-4340 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact