Home > Vulnerability Database > CVE-2025-58189

Mend.io Vulnerability Database

CVE-2025-58189

Good to know:

Date: October 7, 2025

In Go before 1.24.8 and 1.25.x before 1.25.2, When Conn.Handshake fails during ALPN negotiation the error contains attacker controlled information (the ALPN protocols sent by the client) which is not escaped. The impact for this is relatively limited.

Severity Score

5.3

Related Resources (3)

Url: https://github.com/golang/go/commit/4e9006a716533fe1c7ee08df02dfc73078f7dc19

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-58189

Url: https://www.mend.io/vulnerability-database/CVE-2025-58189

Severity Score

5.3

Weakness Type (CWE)

Improper Validation of Certificate with Host Mismatch

CWE-297

Top Fix

Upgrade Version

Upgrade to version https://github.com/golang/go.git - go1.24.8;https://github.com/golang/go.git - go1.25.2

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2025-58189

Good to know:

Date: October 7, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?