Cross-Origin Request Bypass in Go Programming Language by Google
CVE-2025-47910
Currently unrated
What is CVE-2025-47910?
A vulnerability exists in the CrossOriginProtection feature of the Go programming language: the AddInsecureBypassPattern method can allow more requests to bypass security validation than intended. When that happens, CrossOriginProtection skips essential validation and forwards the request path to a different handler, which may lack the necessary security measures. This poses potential risks to applications relying on this functionality.
Affected Version(s)
net/http 1.25.0 < 1.25.1