CriticalPublic exploit

Unexpected session resumption in Go crypto/tls

IdentifiersCVE-2025-68121CWE-295· Improper Certificate Validation

In Go's crypto/tls, session resumption can incorrectly succeed if the tls.Config trust settings are changed between the original handshake and a resumed handshake. Specifically, if the underlying Config has its ClientCAs or RootCAs fields mutated after the initial handshake, the resumed handshake may be accepted even though a full handshake under the updated configuration should fail. The issue can arise when an application calls Config.Clone() and then mutates the returned configuration, or when it uses Config.GetConfigForClient and returns configurations whose CA pools differ over time. As a result, a client may resume a session with a server it would no longer trust, or a server may resume a session with a client it would no longer accept under mutual TLS policy.

For your environment

Are you exposed to this one?

Mallory correlates every CVE against your assets, your vendors, and active adversary campaigns. Know which vulnerabilities matter for you, not just which ones are loud.

Start free trial

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

This flaw can bypass expected certificate validation and trust-policy changes during TLS session resumption. It may allow continued use of previously established sessions after ClientCAs or RootCAs have changed, weakening server authentication or mutual TLS enforcement. In practice, this can permit unauthorized or unintended resumed connections that should have been rejected under the current CA configuration, reducing the effectiveness of trust-anchor rotation, client-auth policy changes, or other certificate validation controls.

Mitigation

If you can’t patch tonight, do this now.

Do not mutate ClientCAs or RootCAs on tls.Config objects that may participate in resumable sessions. Avoid patterns where Config.Clone() results share mutable CA state with active configurations, and ensure GetConfigForClient does not return configs whose trust stores can change during the lifetime of resumable sessions. Where dynamic CA/trust changes are required and an upgrade is not yet possible, disable TLS session resumption for affected endpoints to force full handshakes under current validation policy.

Remediation

Patch, then assume compromise.

Upgrade to a fixed Go release that corrects crypto/tls session resumption behavior for mutated ClientCAs/RootCAs. The provided advisory context indicates patched Go versions include 1.25.7 or 1.24.13 for this CVE. Downstream products statically linking affected Go runtime/library versions should also be rebuilt or upgraded against a fixed Go toolchain.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

VALID 0 / 0 TOTALView more in app

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

VendorProductType

GolangGoapplication

Rocky LinuxGo-Fdo-Clientapplication

Rocky LinuxGo-Fdo-Serverapplication

Rocky LinuxImage-Builderapplication

Rocky LinuxOsbuild-Composerapplication

TraefikTraefikapplication

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.

ACTIVITY FEED

Recent activity

56 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.

56 SOURCESView more in app

techrepublic com securityNews

Jan 16, 2026

Go Programming Language 1.26 Patches Several Security Flaws - TechRepublic

Go crypto/tls session management flaw where Config.Clone incorrectly copies auto-generated session ticket keys, potentially enabling unintended/unauthorized TLS session resumption due to key reuse/sharing behavior.

cyber security newsNews

Jan 16, 2026

Go 1.25.6 and 1.24.12 Patch Critical Vulnerabilities Lead to DoS and Memory Exhaustion Risks

A crypto/tls vulnerability in Go where Config.Clone can leak auto-generated session ticket keys (enabling unauthorized session resumption across configs) and certificate validation logic fails to consider full certificate chain expiration.

What this page doesn’t show

The version that knows your environment.

This page is what’s public. Mallory adds the parts that aren’t: which of your assets are affected, which adversaries are exploiting it right now, which detections to deploy, and what to do tonight.

Start free trial

Exposure mapping

Query your assets running an affected version, and investigate the blast radius.

Threat actor evidence

Every observed campaign linking this CVE to a named adversary.

Associated malware

Malware families riding this exploit, with evidence and IOCs.

Detection signatures

YARA, Sigma, Snort, and vendor rules, auto-deployed to your SIEM.

Vendor-by-vendor mapping

Cross-references every affected SKU, including bundled OEM variants.

Social activity28

Community discussion across Reddit, Mastodon, and other social sources.

EXTERNAL REFERENCES

MITRE CVE

cve.org · CVE-2025-68121

NVD

nvd.nist.gov/vuln/detail/CVE-2025-68121

MITRE CWE · CWE-295

Improper Certificate Validation

Patch

go.dev/cl/737700

Vendor Advisory

pkg.go.dev/vuln/GO-2026-4337

Third Party Advisory

groups.google.com/g/golang-announce/c/K09ubi9FQFk

Exploit

go.dev/issue/77217