CVE-2025-68121: CWE-295: Improper Certificate Validation in Go standard library crypto/tls
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
AI Analysis
Technical Summary
This vulnerability arises from improper validation of certificates during TLS session resumption in Go's crypto/tls library. Specifically, if the TLS Config's ClientCAs or RootCAs fields are changed after the initial handshake but before resumption, the resumed handshake may incorrectly succeed. This is due to the resumed handshake relying on the mutated Config rather than the original validation context. The issue affects Go versions prior to 1.26.0-rc.1 and can lead to resumed sessions with entities that would have been rejected initially, violating expected authentication constraints. The CVSS v3.1 score is 9.1 (critical) with network attack vector, low complexity, no privileges or user interaction required, and high confidentiality and integrity impact.
Potential Impact
The vulnerability can allow an attacker to bypass intended certificate validation during TLS session resumption, potentially enabling unauthorized session resumption with a client or server that would have been rejected during the initial handshake. This undermines the security guarantees of TLS authentication, risking confidentiality and integrity of communications. There are no known exploits in the wild as of the published date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. There are no patch links provided in the current data. Users should monitor official Go project advisories for updates and avoid mutating Config.ClientCAs or Config.RootCAs between handshakes as a temporary mitigation if possible.
CVE-2025-68121: CWE-295: Improper Certificate Validation in Go standard library crypto/tls
Description
During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from improper validation of certificates during TLS session resumption in Go's crypto/tls library. Specifically, if the TLS Config's ClientCAs or RootCAs fields are changed after the initial handshake but before resumption, the resumed handshake may incorrectly succeed. This is due to the resumed handshake relying on the mutated Config rather than the original validation context. The issue affects Go versions prior to 1.26.0-rc.1 and can lead to resumed sessions with entities that would have been rejected initially, violating expected authentication constraints. The CVSS v3.1 score is 9.1 (critical) with network attack vector, low complexity, no privileges or user interaction required, and high confidentiality and integrity impact.
Potential Impact
The vulnerability can allow an attacker to bypass intended certificate validation during TLS session resumption, potentially enabling unauthorized session resumption with a client or server that would have been rejected during the initial handshake. This undermines the security guarantees of TLS authentication, risking confidentiality and integrity of communications. There are no known exploits in the wild as of the published date.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. There are no patch links provided in the current data. Users should monitor official Go project advisories for updates and avoid mutating Config.ClientCAs or Config.RootCAs between handshakes as a temporary mitigation if possible.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- Go
- Date Reserved
- 2025-12-15T16:48:04.451Z
- Cvss Version
- null
- State
- PUBLISHED
Threat ID: 6984daa9f9fa50a62f30a655
Added to database: 2/5/2026, 6:00:09 PM
Last enriched: 4/30/2026, 2:02:37 AM
Last updated: 5/7/2026, 8:00:06 AM
Views: 4210
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.