VYPR
Unrated severityNVD Advisory· Published Dec 3, 2025· Updated Dec 3, 2025

Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509

CVE-2025-61727

Description

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

1414

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.