CVE-2025-61727

{"id": "CVE-2025-61727", "cveTags": [], "metrics": {}, "published": "2025-12-03T20:16:25.607", "references": [{"url": "https://go.dev/cl/723900", "source": "[email protected]"}, {"url": "https://go.dev/issue/76442", "source": "[email protected]"}, {"url": "https://groups.google.com/g/golang-announce/c/8FJoBkPddm4", "source": "[email protected]"}, {"url": "https://pkg.go.dev/vuln/GO-2025-4175", "source": "[email protected]"}], "vulnStatus": "Received", "descriptions": [{"lang": "en", "value": "An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com."}], "lastModified": "2025-12-03T20:16:25.607", "sourceIdentifier": "[email protected]"}