CVE-2025-4673: Sensitive headers not cleared on cross-origin redirect in net/http

Q: What is the severity of CVE-2025-4673?

CVE-2025-4673 has a medium severity rating due to the risk of leaking sensitive information through improperly handled headers.

Q: How do I fix CVE-2025-4673?

To fix CVE-2025-4673, ensure that Proxy-Authorization and Proxy-Authenticate headers are not exposed during cross-origin redirects.

Q: What types of applications are affected by CVE-2025-4673?

CVE-2025-4673 affects applications utilizing the Go programming language, particularly in scenarios involving proxy headers during redirection.

Q: What data could be leaked due to CVE-2025-4673?

CVE-2025-4673 could potentially leak sensitive data such as authentication credentials and session tokens.

Q: Is there a workaround for CVE-2025-4673 before a patch is available?

A temporary workaround for CVE-2025-4673 includes adjusting proxy configurations to sanitize headers before cross-origin redirects.

Published Jun 5, 2025

Updated

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.

Affected Software

2 affected components

go Go>=1.23.10<=1.24.4

IBM Concert Software<=1.0.0-2.1.0

Event History

Jun 11, 2025

CVE Published

via MITRE·04:42 PM

Data Sourced

via MITRE·04:42 PM

DescriptionWeakness

Data Sourced

via NVD·05:15 PM

DescriptionSeverity

Jun 18, 2025

Data Sourced

via Red Hat·06:35 AM

DescriptionSeverityAffected Software

Jan 21, 2026

Data Sourced

via IBM·12:00 AM

DescriptionAffected Software

Frequently Asked Questions

What is the severity of CVE-2025-4673?

CVE-2025-4673 has a medium severity rating due to the risk of leaking sensitive information through improperly handled headers.

How do I fix CVE-2025-4673?

To fix CVE-2025-4673, ensure that Proxy-Authorization and Proxy-Authenticate headers are not exposed during cross-origin redirects.

What types of applications are affected by CVE-2025-4673?

CVE-2025-4673 affects applications utilizing the Go programming language, particularly in scenarios involving proxy headers during redirection.

What data could be leaked due to CVE-2025-4673?

CVE-2025-4673 could potentially leak sensitive data such as authentication credentials and session tokens.

Is there a workaround for CVE-2025-4673 before a patch is available?

A temporary workaround for CVE-2025-4673 includes adjusting proxy configurations to sanitize headers before cross-origin redirects.

CVE-2025-4673: Sensitive headers not cleared on cross-origin redirect in net/http

Affected Software

Event History

Don't miss critical vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2025-4673?

How do I fix CVE-2025-4673?

What types of applications are affected by CVE-2025-4673?

What data could be leaked due to CVE-2025-4673?

Is there a workaround for CVE-2025-4673 before a patch is available?

Company

Resources

Contact