Security [High] CVE-2025-22874


## Vulnerability Details

- **ID:** CVE-2025-22874
- **Severity:** High
- **Affected Provider Version:** ['v0.9.0', 'v0.8.2']
- **Package:** stdlib
- **Package Version:** go1.23.8
- **Type:** go-module
- **Description:** Calling Verify with a VerifyOptions.KeyUsages that contains ExtKeyUsageAny unintentionally disabledpolicy validation. This only affected certificate chains which contain policy graphs, which are rather uncommon.
- **Fix State:** fixed
- **Fix Versions:** 1.23.10, 1.24.4
- **Artifact Paths:** /function
- **More Info:** https://go.dev/cl/670375, https://go.dev/issue/73612, https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A, https://pkg.go.dev/vuln/GO-2025-3749

---

This vulnerability was detected during the periodic CVE scan.


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security [High] CVE-2025-22874 #223

Vulnerability Details

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security [High] CVE-2025-22874 #223

Description

Vulnerability Details

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions