CVE-2025-68121

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-68121

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68121.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-68121

Aliases

Downstream

BELL-CVE-2025-68121

CLEANSTART-2026-TR92727

DEBIAN-CVE-2025-68121

ECHO-96ed-a068-f164

MINI-262f-pj32-574h

MINI-2g9g-mp3g-58vc

MINI-2hqj-jrhr-99hm

MINI-4228-22h2-h5qw

MINI-422j-jp9r-96v5

MINI-4grf-rp8w-688h

MINI-4r9w-xh7r-9pgw

MINI-4v8g-q6v5-h2v3

MINI-5cmg-9xq9-v4jv

MINI-68wg-jxq2-qjg2

MINI-695v-8g7x-9xh5

MINI-6g4m-6vwr-w5p4

MINI-6jrx-vhmj-chmp

MINI-7f9h-mx48-fv47

MINI-7r44-4h6r-728f

MINI-82xx-67ph-6vg2

MINI-8rqp-627f-c7x5

MINI-9j69-2wq2-8m9w

MINI-9w32-g87g-2fxq

MINI-c48g-5hwr-r7mc

MINI-cgcm-j68v-p743

MINI-chpf-2h62-9rj8

MINI-cq4g-m2pv-9fqm

MINI-fg9v-cfvh-gg5g

MINI-fg9x-48r3-39ff

MINI-fqgx-3698-wq36

MINI-fr2f-vxx4-qqxg

MINI-g47p-3rvp-5cfj

MINI-g7qx-7937-6m9p

MINI-gf7x-hj75-w8q3

MINI-gwwg-9mx7-g9pq

MINI-h88r-c42x-3g7r

MINI-h8xx-2r47-jfm3

MINI-hq8f-37rj-g7v6

MINI-hrvq-2qpm-gqjp

MINI-j7cc-m6cw-cf8q

MINI-jmh6-p3hq-6xh3

MINI-jqc9-pr4h-wc99

MINI-mjrf-jv6j-vcxf

MINI-mw96-j9hc-f846

MINI-p3hw-mj28-9j27

MINI-pwqv-mhj9-6v9w

MINI-q3fc-j37p-hp5j

MINI-qp2w-7wh6-9hg7

MINI-qv77-xmw9-5348

MINI-r94m-86vh-5wg3

MINI-rc72-2gr5-677j

MINI-rvfp-pq6m-6gx8

MINI-vqxr-xwrm-pw3h

MINI-w779-jg4p-84mp

MINI-whm6-cfqg-2h7m

MINI-wjv4-gpq8-v3wj

MINI-wr2x-prw2-wr36

MINI-x258-hhfw-7837

MINI-x57v-2vvm-8882

MINI-x735-vx3g-99cx

MINI-xjvq-h3mx-r8v4

MINI-xmff-952c-75hh

RHSA-2026:2706

RHSA-2026:2708

RHSA-2026:2709

RHSA-2026:2914

RHSA-2026:2920

RLSA-2026:2706

RLSA-2026:2708

RLSA-2026:2709

SUSE-SU-2026:0297-1

SUSE-SU-2026:0298-1

SUSE-SU-2026:0308-1

UBUNTU-CVE-2025-68121

Related

Published

2026-02-05T18:16:10.857Z

Modified

2026-02-17T08:13:39.675105Z

Severity

10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

During session resumption in crypto/tls, if the underlying Config has its ClientCAs or RootCAs fields mutated between the initial handshake and the resumed handshake, the resumed handshake may succeed when it should have failed. This may happen when a user calls Config.Clone and mutates the returned Config, or uses Config.GetConfigForClient. This can cause a client to resume a session with a server that it would not have resumed with during the initial handshake, or cause a server to resume a session with a client that it would not have resumed with during the initial handshake.

References

Affected packages

Git / github.com/golang/go

Affected ranges

Type: GIT
Repo: https://github.com/golang/go
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

96e4e2b1616c3c59577d48abcf2823bf1fdcd2e2

Introduced

6e676ab2b809d46623acb5988248d95d1eb7939c

Fixed

eaf3bc799a221cc375f188e8699c9330c1caf40a

Affected versions

go1.*

go1.25.0

go1.25.1

go1.25.2

go1.25.3

go1.25.4

go1.25.5

go1.25.6

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-68121.json"