CVE-2025-68121 is a vulnerability classified under CWE-295 (Improper Certificate Validation) found in the Go standard library's crypto/tls package. The issue specifically occurs during TLS session resumption, a mechanism designed to improve performance by reusing parameters from a previous handshake. The vulnerability manifests if the TLS Config structure's ClientCAs or RootCAs fields are altered between the initial handshake and the resumed handshake. Such mutations can happen when developers clone the Config object using Config.Clone and modify the returned copy, or when using Config.GetConfigForClient to dynamically generate configurations. Because the resumed handshake relies on the current Config state rather than the original, the resumed session may succeed even if the new Config would have rejected the peer during the initial handshake. This breaks the expected security guarantees of TLS, potentially allowing clients to resume sessions with servers they should not trust, or servers to resume sessions with unauthorized clients. The flaw affects all Go versions from 0 up to 1.25.0-0 and the release candidate 1.26.0-rc.1. The CVSS v3.1 base score is 7.4, reflecting a network attack vector with high confidentiality and integrity impact, but requiring high attack complexity and no privileges or user interaction. No public exploits are known at this time, but the vulnerability could be leveraged in man-in-the-middle attacks or unauthorized session resumptions, undermining TLS security assumptions. The root cause lies in improper handling of dynamic TLS configuration changes during session resumption, a subtle but critical flaw in the crypto/tls implementation.

The vulnerability undermines the security guarantees of TLS session resumption in Go applications, potentially allowing unauthorized session resumptions that bypass certificate validation. This can lead to unauthorized access, man-in-the-middle attacks, or data exposure if an attacker can manipulate or influence the TLS Config during session resumption. Confidentiality and integrity of communications are at risk, especially in environments relying on Go for secure client-server communications such as web services, APIs, and internal microservices. Organizations using Go in critical infrastructure, cloud services, or sensitive data exchanges may face increased risk of session hijacking or unauthorized access. The impact is amplified in large-scale deployments where TLS session resumption is common for performance optimization. Although no known exploits exist yet, the vulnerability's presence in a widely used standard library means many applications could be affected, increasing the attack surface globally.

To mitigate this vulnerability, organizations should upgrade to Go version 1.26.0 or later where the issue is resolved. Developers must audit their use of crypto/tls Config objects, avoiding mutation of ClientCAs or RootCAs fields between the initial handshake and session resumption. Instead of cloning and modifying Config objects dynamically, configurations should be immutable or carefully managed to ensure consistency across handshakes. If dynamic configuration is necessary, ensure that the same certificate authorities are used consistently or that session resumption is disabled when configurations differ. Additionally, implement strict monitoring and logging of TLS handshake failures and session resumptions to detect anomalies. Security teams should review their TLS usage patterns and consider disabling session resumption temporarily if immediate patching is not feasible. Finally, stay informed on updates from the Go project and apply patches promptly.