cbcvebase.
CVE-2025-61730
published 2026-01-28

CVE-2025-61730: During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted…

PriorityP428medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
0.28%
19.3th percentile
During the TLS 1.3 handshake if multiple messages are sent in records that span encryption level boundaries (for instance the Client Hello and Encrypted Extensions messages), the subsequent messages may be processed before the encryption level changes. This can cause some minor information disclosure if a network-local attacker can inject messages during the handshake.

Affected

98 ranges· showing 25
VendorProductVersion rangeFixed in
3scale-amp23scale-rhel7-operator
3scale-amp23scale-rhel9-operator
3scale-amp263scale-operator
3scale-amp26operator
3scale-tech-previewauthorino-rhel9
advanced-cluster-securityrhacs-main-rhel8
ansible-automation-platform-26receptor-rhel9
ansible-automation-platformplatform-operator-bundle
build-of-trusteetrustee-rhel9-operator
cert-managerjetstack-cert-manager-rhel9
complianceopenshift-compliance-operator-bundle
container-native-virtualizationnode-maintenance-operator
container-native-virtualizationvirt-api
container-native-virtualizationvirt-api-rhel9
cryostatcryostat-storage-rhel9
custom-metrics-autoscalercustom-metrics-autoscaler-rhel9
debianceph
debiangolang-1.15< golang-1.24 1.24.12-1 (forky)golang-1.24 1.24.12-1 (forky)
debiangolang-1.19< golang-1.24 1.24.12-1 (forky)golang-1.24 1.24.12-1 (forky)
debiangolang-1.24< golang-1.24 1.24.12-1 (forky)golang-1.24 1.24.12-1 (forky)
debiangolang-1.25< golang-1.24 1.24.12-1 (forky)golang-1.24 1.24.12-1 (forky)
devspacesudi-rhel9
devworkspacedevworkspace-rhel9-operator
dvodeployment-validation-rhel8-operator
edoexternal-dns-rhel8

CVSS provenance

nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
ghsa7.5HIGH
osv7.5HIGH
vendor_debian5.3MEDIUM
vendor_redhat5.3MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.