Cross-Origin Request Bypass in Go Programming Language by Google
CVE-2025-47910

Currently unrated

Key Information:

Status
Vendor
CVE Published:
22 September 2025

What is CVE-2025-47910?

A vulnerability exists in the Go programming language's CrossOriginProtection feature where the AddInsecureBypassPattern method can unintentionally allow more requests to bypass security validation than intended. Consequently, CrossOriginProtection can skip essential validation, forwarding the request path to a different handler, which may lack the necessary security measures, posing potential risks to applications relying on this functionality.

Affected Version(s)

net/http 1.25.0 < 1.25.1

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-47910 : Cross-Origin Request Bypass in Go Programming Language by Google