External risk intelligence

Go TLS flaw lets attackers bypass security checks for full control or data theft

CVE advisorySeverity: CRITICAL (CVSS 10.0)

CVE-2025-68121

A critical flaw in Go's TLS library could let attackers bypass security checks when resuming encrypted connections, potentially exposing sensitive data or granting unauthorized access. Update your Go installations now.

4Halo Surface Signal

Golang Go

before 1.24.131.25.0 to before 1.25.71.26.0

External exposure likelihood

Halo Surface Signal score for CVE-2025-68121

The vulnerability resides in the Go crypto/tls library, which is foundational to many Go-based web servers, APIs, and edge services. Because these services are commonly deployed as internet-facing endpoints that handle TLS handshakes and session resumption, the vulnerable surface is frequently exposed to the public internet in standard production environments.

Horizon Alert

Summary of the vulnerability and why it matters

This vulnerability in the Go programming language's crypto/tls library can allow attackers to bypass security checks during session resumption. If a server or client's configuration is changed between initial setup and resuming a session, the security protocols might not re-validate correctly, potentially leading to unauthorized access or data exposure. Teams should pay close attention because this impacts secure communication channels that rely on Go's TLS implementation.

Bypasses security checks.
Affects secure communication.
Reachable from the internet.

Attack Path

How an attacker could exploit the issue

An attacker could exploit this vulnerability by manipulating TLS session resumption to impersonate a legitimate client or server. This could allow them to bypass security checks that would have failed during the initial handshake, leading to unauthorized access or data compromise.

Unauthenticated network access is possible.
Exploits TLS session resumption logic.
Requires a vulnerable Go version.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability in Go's TLS session resumption could be attractive to attackers due to its potential to bypass authentication checks under specific, albeit complex, circumstances. While not straightforward to exploit, successful weaponization could allow an attacker to impersonate a legitimate client or server, leading to man-in-the-middle attacks or unauthorized access. The complexity of manipulating session state between handshakes may deter widespread, automated exploitation.

Exploitation is not observed.
No public exploit is available.
The vulnerability is in core TLS functionality.

Priority actions

Operational Fix

Recommended remediation, mitigation, and detection steps

Prioritize patching all Go installations to mitigate a critical session resumption vulnerability in the TLS library. This issue allows unauthenticated attackers to bypass certificate validation by resuming TLS sessions under specific, manipulated conditions, potentially leading to full system compromise.

Update Go to 1.24.14 or 1.25.8.
Monitor network traffic for unusual TLS session activity.
Isolate affected services if patching is delayed.

Frequently asked questions

What is the Go crypto/tls library and how does it handle secure communication?

The Go crypto/tls library is part of the Go programming language, enabling secure internet communication via the Transport Layer Security (TLS) protocol. Developers use it to build applications requiring secure data transmission, ensuring privacy and integrity for services like web servers and APIs.

How does CVE-2025-68121 allow bypassing security checks due to weakness CWE-295?

CVE-2025-68121, classified as CWE-295 (Improper Certificate Validation), occurs when a Go application resumes a TLS session. If security configurations like trusted CAs were altered between the initial handshake and the session resumption, the resumed handshake might incorrectly succeed, bypassing validation.

What is the trigger path for CVE-2025-68121 and what is the scope negation?

The vulnerability in Go's crypto/tls library is triggered during session resumption. If the Config's ClientCAs or RootCAs fields are modified after the initial handshake, the resumed handshake can bypass intended security checks, affecting both client and server-side session validations.

What is the relevance of CVE-2025-68121, and how does Halo Surface Signal assess it?

The relevance of CVE-2025-68121 lies in its critical impact on secure communication within Go applications. Halo Surface Signal assesses it as 'Likely' to be exploited because the vulnerability exists in the core crypto/tls library, commonly used in internet-facing Go services that handle TLS handshakes and session resumption.

What is the practical response for organizations to mitigate CVE-2025-68121?

To mitigate CVE-2025-68121, organizations must update their Go installations to versions 1.24.14 or 1.25.8. It is also advisable to monitor network traffic for any unusual TLS session activity and consider isolating affected services if immediate patching is not feasible.

References

Written by Nicholas Merritt

External-surface CVE analysis and Halo Surface Signal prioritization for Halo Threat Intelligence.