CVE-2025-58189: Log File Information Exposure in Standard Library Crypto TLS

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.0% (top 98.32%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 29 | Latest update Oct 30

Description

When Conn.Handshake fails during ALPN negotiation, the error contains attacker-controlled information (the ALPN protocols sent by the client), which is not escaped.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD | golang/go | 1.25.0 | 1.25.2 | +1
CVEListV5 | go_standard_library/crypto_tls | 1.25.0 | 1.25.2 | +1

Patches

🔴 Vulnerability Details (4)

GHSA | GHSA-cxq7-xw9v-rcv3: When Conn | 2025-10-30
OSV | CVE-2025-58189: When Conn | 2025-10-29
OSV | ALPN negotiation error contains attacker controlled information in crypto/tls | 2025-10-29
CVEList | ALPN negotiation error contains attacker controlled information in crypto/tls | 2025-10-29

📋 Vendor Advisories (3)

Red Hat | crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information | 2025-10-29
Microsoft | ALPN negotiation error contains attacker controlled information in crypto/tls | 2025-10-14
Debian | CVE-2025-58189: golang-1.15 - When Conn.Handshake fails during ALPN negotiation the error contains attacker co... | 2025

💬 Community (4)

Bugzilla | CVE-2025-58189 docker-distribution: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-42] | 2025-10-30
Bugzilla | CVE-2025-58189 trivy: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] | 2025-10-30
Bugzilla | CVE-2025-58189 docker-distribution: go crypto/tls ALPN negotiation error contains attacker controlled information [fedora-43] | 2025-10-30
Bugzilla | CVE-2025-58189 crypto/tls: go crypto/tls ALPN negotiation error contains attacker controlled information | 2025-10-29