SB2025101039 - SUSE update for go1.25-openssl
Published: October 10, 2025
Security Bulletin ID
SB2025101039
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Protection Mechanism Failure (CVE-ID: CVE-2025-47910)
CWE-ID: CWE-693 - Protection Mechanism Failure
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to insufficient implementation of security measures in http.CrossOriginProtection. The AddInsecureBypassPattern method can unexpectedly bypass more requests than intended. An attacker can bypass implemented security restrictions.
Remediation
Install update from vendor's website.