CVE-2025-22874 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Certificate verification bypass |
| Description | crypto/x509: When VerifyOptions.KeyUsages includes ExtKeyUsageAny, certificate policy validation is unintentionally disabled. This affects certificate chains with policy constraints, which are uncommon but security-relevant when used. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2896 | go | 1.24.3-1 | 1.24.4-1 | Medium | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 07 Jun 2025 | ASA-202506-4 | AVG-2896 | go | Medium | multiple issues |
| References |
|---|
https://github.com/golang/go/issues/73612 https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A/m/XDxq7uidAgAJ https://go.dev/doc/devel/release#go1.24.4 |