Golang 1.24.x < 1.24.7 / 1.25.x < 1.25.1 Insecure Bypass (75054)

medium Nessus Plugin ID 261503

Synopsis

An application installed on the remote host is affected by an insecure bypass vulnerability.

Description

The version of Golang running on the remote host is 1.24.x prior to 1.24.7 or 1.25.x prior to 1.25.1. It is, therefore, affected by a vulnerability as referenced in the 75054 advisory.

- When passing patterns to CrossOriginProtection.AddInsecureBypassPattern, requests that would have redirected to those patterns (e.g. without a trailing slash) were also exempted, which might be unexpected. (CVE-2025-47910)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Golang Go version 1.24.7, 1.25.1 or later.

See Also

https://github.com/golang/go/issues/75054

http://www.nessus.org/u?29e82606

Plugin Details

Severity: Medium

ID: 261503

File Name: golang_1_25_1.nasl

Version: 1.1

Type: local

Family: Misc.

Published: 9/5/2025

Updated: 9/5/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.3

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P

CVSS Score Source: CVE-2025-47910

CVSS v3

Risk Factor: Medium

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

Vulnerability Information

CPE: cpe:/a:golang:go

Required KB Items: installed_sw/Golang Go Programming Language

Patch Publication Date: 9/3/2025

Vulnerability Publication Date: 9/3/2025

Reference Information

CVE: CVE-2025-47910

IAVB: 2025-B-0149