Home > Vulnerability Database > CVE-2025-47910

Mend.io Vulnerability Database

CVE-2025-47910

Good to know:

Date: September 22, 2025

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.

Severity Score

5.4

Related Resources (6)

Url: https://groups.google.com/g/golang-announce/c/PtW9VW21NPs/m/DJhMQ-m5AQAJ

Url: https://go.dev/cl/699275

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-47910

Url: https://go.dev/issue/75054

Url: https://pkg.go.dev/vuln/GO-2025-3955

Url: https://www.mend.io/vulnerability-database/CVE-2025-47910

Severity Score

5.4

Top Fix

Upgrade Version

Upgrade to version github.com/golang/go - go1.25.1;https://github.com/golang/go.git - go1.25.1

Learn More

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-47910

Good to know:

Date: September 22, 2025

Severity Score

Related Resources (6)

Severity Score

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?