Hi, I am the original reporter of the vulnerabilities recently addressed in Go 1.25.6/1.24.x (CVE-2025-61730, CVE-2025-68121).
I am writing to inform the community that the official fix provided by the Go security team is critically flawed and causes significant regressions in the networking ecosystem (notably breaking quic-go).

1. Missing Root Cause in Official Advisory

The official advisory attributes the risk to "misuse of APIs," but the root cause is a fundamental logic error in Go's TLS 1.3 state machine during session resumption. Specifically, it fails to re-validate the identity of the trust anchor when a session is resumed, allowing for cross-CA certificate bypass.

2. Flawed Patch Implementation

The current official patch (CL 735051) contains amateurish errors that undermine its effectiveness:

- Incorrect Indexing: It attempts to verify peerCertificates instead of the verifiedChain (which includes the root CA).
- Ecosystem Breakage: By aggressively blocking Config.Clone logic to "fix" the issue, it has paralyzed 0-RTT and session resumption in the QUIC ecosystem.

3. Proposed O(1) Solution

I have proposed a far more elegant solution that performs a constant-time SHA-224 fingerprint check of the root CA. This fixes the vulnerability without breaking the Config.Clone semantics or performance.

Details and Discussion: https://github.com/golang/go/issues/77217

I encourage downstream maintainers (SUSE, Red Hat, Debian) to review the fix before deploying it to mission-critical infrastructure.

Best regards,
Coia Prant (rbqvq)

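Added illustration (neither the reporter's proposal nor the Go team's CL, and not code from the thread): a defender-side root-CA fingerprint pin installed through tls.Config.VerifyConnection, which the crypto/tls documentation states runs for resumed connections as well as full handshakes. It assumes VerifiedChains is populated on the resumed connection (Go stores verified chains in the session state since 1.21) and uses a constructed self-signed CA as sample input; the constant-time SHA-224 comparison of the trust anchor is the check being demonstrated.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// rootFingerprint is the SHA-224 digest of the certificate's DER encoding.
func rootFingerprint(cert *x509.Certificate) [sha256.Size224]byte {
	return sha256.Sum224(cert.Raw)
}

// verifyRootPin returns a tls.Config.VerifyConnection callback; Go runs it on every
// handshake, resumed ones included, so the chain's trust anchor is re-checked each time.
func verifyRootPin(pin [sha256.Size224]byte) func(tls.ConnectionState) error {
	return func(cs tls.ConnectionState) error {
		if len(cs.VerifiedChains) == 0 || len(cs.VerifiedChains[0]) == 0 {
			return errors.New("no verified chain to pin against")
		}
		chain := cs.VerifiedChains[0]
		got := rootFingerprint(chain[len(chain)-1]) // last element is the root CA
		if subtle.ConstantTimeCompare(got[:], pin[:]) != 1 {
			return errors.New("handshake chained to an unexpected root CA")
		}
		return nil
	}
}

// newSelfSignedCA builds a throwaway CA: constructed sample input, not a real trust anchor.
func newSelfSignedCA(cn string) (*x509.Certificate, error) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour), IsCA: true, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, key.Public(), key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}
```

The pin sits on top of normal path validation (tls.Config.RootCAs stays set), so a chain that validates to a different root in the pool is still rejected on resumption.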