216.73.216.89

CVE-2025-47910

· Published 22/09/2025 21:15 · Modified 22/09/2025 21:22

Labels: CVE-2025-47910 2025-09-22CVE-2025-47910[email protected]

Essential information

Published
22/09/2025 21:15
Modified
22/09/2025 21:22
Author
Creator
CISA KEV
No
CWE

Description

When using http.CrossOriginProtection, the AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. CrossOriginProtection then skips validation, but forwards the original request path, which may be served by a different handler without the intended security protections.

NVD status

Status
Awaiting Analysis — CVE has been marked for Analysis. Normally once in this state the CVE will be analyzed by NVD staff within 24 hours.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
golang / http.crossoriginprotection cpe:2.3:a:golang:http.crossoriginprotection:*:*:*:*:*:*:*:*

References