Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.

The version of msft-golang installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-22874 advisory.

  - Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy     validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
    (CVE-2025-22874)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1075 advisory.

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy     validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
    (CVE-2025-22874)

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking     sensitive information. (CVE-2025-4673)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1074 advisory.

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy     validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
    (CVE-2025-22874)

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking     sensitive information. (CVE-2025-4673)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1079 advisory.

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy     validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
    (CVE-2025-22874)

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking     sensitive information. (CVE-2025-4673)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1076 advisory.

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy     validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
    (CVE-2025-22874)

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking     sensitive information. (CVE-2025-4673)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1073 advisory.

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy     validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
    (CVE-2025-22874)

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking     sensitive information. (CVE-2025-4673)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1077 advisory.

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy     validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
    (CVE-2025-22874)

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking     sensitive information. (CVE-2025-4673)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1078 advisory.

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy     validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
    (CVE-2025-22874)

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking     sensitive information. (CVE-2025-4673)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02120-1 advisory.

    Update to version 1.24.4 (bsc#1236217):

    - CVE-2025-22874 crypto/x509: ExtKeyUsageAny bypasses policy validation (bsc#1244158).
    - CVE-2025-0913 os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows (bsc#1244157).
    - CVE-2025-4673 net/http: sensitive headers not cleared on cross-origin redirect (bsc#1244156).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of amazon-cloudwatch-agent installed on the remote host is prior to 1.300055.3-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2025-2904 advisory.

    The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character     (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked     as self-closing, and when using the Parse functions, this can result in content following such tags as     being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g.
    <math>, <svg>, etc contexts).

    After analysis, we have determined that 2025-22872 do not pose a security risk to docker or containerd on     Amazon Linux 2 or Amazon Linux 2023. Source code analysis using govulncheck has confirmed that these     packages do not contain the vulnerable code. As a result, no security patches are required for these     specific packages on AL2 and AL2023. (CVE-2025-22872)

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy     validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
    (CVE-2025-22874)

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking     sensitive information. (CVE-2025-4673)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1029 advisory.

    The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character     (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked     as self-closing, and when using the Parse functions, this can result in content following such tags as     being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g.
    <math>, <svg>, etc contexts).

    After analysis, we have determined that 2025-22872 do not pose a security risk to docker or containerd on     Amazon Linux 2 or Amazon Linux 2023. Source code analysis using govulncheck has confirmed that these     packages do not contain the vulnerable code. As a result, no security patches are required for these     specific packages on AL2 and AL2023. (CVE-2025-22872)

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy     validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
    (CVE-2025-22874)

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking     sensitive information. (CVE-2025-4673)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1028 advisory.

    Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy     validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
    (CVE-2025-22874)

    Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking     sensitive information. (CVE-2025-4673)

Tenable has extracted the preceding description block directly from the tested product security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:01846-1 advisory.

    go1.24.4 (released 2025-06-05) includes security fixes to the     crypto/x509, net/http, and os packages, as well as bug fixes to     the linker, the go command, and the hash/maphash and os packages.
    ( bsc#1236217 go1.24 release tracking CVE-2025-22874 CVE-2025-0913 CVE-2025-4673)

    * CVE-2025-22874: crypto/x509: ExtKeyUsageAny bypasses policy validation (bsc#1244158)
    * CVE-2025-0913: os: inconsistent handling of O_CREATE|O_EXCL on Unix and Windows (bsc#1244157)
    * CVE-2025-4673: net/http: sensitive headers not cleared on cross-origin redirect (bsc#1244156)
    * os: Root.Mkdir creates directories with zero permissions on OpenBSD
    * hash/maphash: hashing channels with purego impl. of maphash.Comparable panics
    * runtime/debug: BuildSetting does not document DefaultGODEBUG
    * cmd/go: add fips140 module selection mechanism
    * cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition of symbol dlopen
    * CVE-2025-22873: os: Root permits access to parent directory

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
241845	CBL Mariner 2.0 Security Update: msft-golang (CVE-2025-22874)	Nessus	MarinerOS Local Security Checks	high
241786	Amazon Linux 2023 : nerdctl (ALAS2023-2025-1075)	Nessus	Amazon Linux Local Security Checks	high
241780	Amazon Linux 2023 : docker (ALAS2023-2025-1074)	Nessus	Amazon Linux Local Security Checks	high
241760	Amazon Linux 2023 : oci-add-hooks (ALAS2023-2025-1079)	Nessus	Amazon Linux Local Security Checks	high
241745	Amazon Linux 2023 : soci-snapshotter (ALAS2023-2025-1076)	Nessus	Amazon Linux Local Security Checks	high
241744	Amazon Linux 2023 : runfinch-finch (ALAS2023-2025-1073)	Nessus	Amazon Linux Local Security Checks	high
241724	Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2025-1077)	Nessus	Amazon Linux Local Security Checks	high
241716	Amazon Linux 2023 : runc (ALAS2023-2025-1078)	Nessus	Amazon Linux Local Security Checks	high
240724	SUSE SLES15 Security Update : go1.24-openssl (SUSE-SU-2025:02120-1)	Nessus	SuSE Local Security Checks	high
240451	Amazon Linux 2 : amazon-cloudwatch-agent (ALAS-2025-2904)	Nessus	Amazon Linux Local Security Checks	medium
240325	Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2025-1029)	Nessus	Amazon Linux Local Security Checks	medium
240299	Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-1028)	Nessus	Amazon Linux Local Security Checks	high
238043	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.24 (SUSE-SU-2025:01846-1)	Nessus	SuSE Local Security Checks	high

Detections

Analytics

CVE-2025-22874

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

medium

medium

high

high