CVE-2025-61730 is a vulnerability categorized under CWE-940 (Improper Verification of Source of a Communication Channel) found in the Go standard library's crypto/tls package, specifically affecting TLS 1.3 handshake processing. During the handshake, TLS messages are exchanged at different encryption levels. This vulnerability occurs when multiple TLS handshake messages are sent in records that cross encryption level boundaries—for example, when the Client Hello and Encrypted Extensions messages are included in the same record. Due to improper handling, subsequent messages may be processed before the encryption level is updated, allowing a network-local attacker capable of injecting messages during the handshake to cause minor information disclosure. The flaw does not affect message integrity or availability and does not require any authentication or user interaction to exploit. The affected versions include all Go versions up to 1.25.0. The CVSS v3.1 base score is 5.3, reflecting a medium severity with network attack vector, low attack complexity, no privileges required, no user interaction, unchanged scope, and limited confidentiality impact. No patches or known exploits are currently available or reported. This vulnerability highlights the importance of strict message boundary and encryption level verification during TLS 1.3 handshakes to prevent leakage of sensitive handshake information.

For European organizations, the primary impact is minor information disclosure during TLS 1.3 handshakes in applications using the Go standard library's crypto/tls package. This could potentially expose sensitive handshake data to network-local attackers capable of injecting messages, which may aid in further reconnaissance or targeted attacks. While the confidentiality impact is limited and does not compromise session keys or encrypted application data, it could weaken the overall security posture. Organizations relying on Go for critical services, especially those handling sensitive or regulated data, may face increased risk of subtle data leaks. The vulnerability does not affect data integrity or availability, so service disruption or data tampering risks are minimal. However, the presence of this flaw could undermine trust in TLS connections and complicate compliance with data protection regulations such as GDPR if sensitive information is leaked. The risk is higher in environments with untrusted or compromised local networks, such as public Wi-Fi or shared infrastructure.

European organizations should monitor Go project updates and apply patches promptly once released for versions up to 1.25.0. In the interim, consider mitigating exposure by limiting TLS 1.3 handshake message fragmentation across encryption boundaries, if configurable, or by enforcing strict network controls to prevent message injection by local attackers. Employ network segmentation and robust intrusion detection systems to detect anomalous TLS handshake behaviors. Additionally, organizations should audit their use of the Go crypto/tls package in critical applications and consider temporary workarounds such as disabling TLS 1.3 if feasible and acceptable, or using alternative TLS libraries not affected by this vulnerability. Regularly review network security posture to reduce the risk of local attackers gaining the capability to inject messages. Finally, ensure comprehensive logging and monitoring of TLS handshake failures or anomalies to detect potential exploitation attempts.