Description

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

INFO

Published Date :

2026-02-05T17:48:44.141Z

Last Modified :

2026-02-20T16:05:07.679Z

Source :

Go
AFFECTED PRODUCTS

The following products are affected by CVE-2025-68121 vulnerability.

Vendors Products
Go Standard Library
  • Crypto Tls
Golang
  • Go
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-68121.

URL Resource
https://go.dev/cl/737700 cve-icon cve-icon cve-icon
https://go.dev/issue/77217 cve-icon cve-icon cve-icon
https://groups.google.com/g/golang-announce/c/K09ubi9FQFk cve-icon cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2025-68121 cve-icon
https://pkg.go.dev/vuln/GO-2026-4337 cve-icon cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2025-68121 cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact