CVE-2025-4673Standard Library NET Http vulnerability

11 documents10 sources
Severity
6.8MEDIUMNVD
EPSS
0.1%
top 77.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GO Standard Library NET Http
Timeline
PublishedJun 11
Latest updateJun 27

Description

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 2.2 | Impact: 4.0

Affected Packages1 packages

CVEListV5go_standard_library/net_http1.24.0-01.24.4+1

🔴Vulnerability Details

4
OSV
Sensitive headers not cleared on cross-origin redirect in net/http2025-06-11
OSV
CVE-2025-4673: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information2025-06-11
CVEList
Sensitive headers not cleared on cross-origin redirect in net/http2025-06-11
GHSA
GHSA-62jj-gr2r-5c34: Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information2025-06-11

📋Vendor Advisories

4
Ubuntu
Go vulnerabilities2025-06-18
Red Hat
net/http: Sensitive headers not cleared on cross-origin redirect in net/http2025-06-11
Microsoft
Sensitive headers not cleared on cross-origin redirect in net/http2025-06-10
Debian
CVE-2025-4673: golang-1.15 - Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin red...2025

💬Community

1
HackerOne
Failure to strip Proxy-Authorization header on change in origin2025-06-27
CVE-2025-4673 — Standard Library NET Http vulnerability | cvebase