EUVD-2025-18133 | CVE-2025-4673
MEDIUM 6.8 (CVSS 3.1)
2025-06-11 [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

Lifecycle Timeline

Patch Released: Mar 31, 2026 - 21:13 (nvd), Patch available
EUVD ID Assigned: Mar 14, 2026 - 21:09 (euvd), EUVD-2025-18133
Analysis Generated: Mar 14, 2026 - 21:09 (vuln.today)
CVE Published: Jun 11, 2025 - 17:15 (nvd), MEDIUM 6.8

Description

Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects, potentially leaking sensitive information.

Technical Context

Information disclosure occurs when an application inadvertently reveals sensitive data to unauthorized actors through error messages, logs, or improper access controls.

Remediation

Implement proper access controls. Sanitize error messages in production. Review logging practices to avoid capturing sensitive data.

Priority Score

34
KEV: 0
EPSS: +0.0
CVSS: +34
POC: 0

Vendor Status

Ubuntu

Priority: Medium
golang
Release Status Version
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
golang-1.6
Release Status Version
xenial needs-triage -
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
golang-1.8
Release Status Version
bionic needs-triage -
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
golang-1.9
Release Status Version
bionic needs-triage -
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
golang-1.10
Release Status Version
trusty needs-triage -
xenial needs-triage -
bionic needs-triage -
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
golang-1.13
Release Status Version
xenial needs-triage -
bionic needs-triage -
focal needs-triage -
jammy needs-triage -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
golang-1.14
Release Status Version
focal needs-triage -
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
golang-1.16
Release Status Version
bionic needs-triage -
focal needs-triage -
jammy DNE -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
golang-1.17
Release Status Version
jammy needs-triage -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
questing DNE -
golang-1.18
Release Status Version
xenial needs-triage -
bionic needs-triage -
jammy needs-triage -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
focal needs-triage -
questing DNE -
golang-1.20
Release Status Version
jammy needs-triage -
noble DNE -
oracular DNE -
plucky DNE -
upstream needs-triage -
focal needs-triage -
questing DNE -
golang-1.21
Release Status Version
jammy needs-triage -
noble needs-triage -
oracular DNE -
plucky DNE -
upstream needs-triage -
focal needs-triage -
questing DNE -
golang-1.22
Release Status Version
plucky DNE -
upstream needs-triage -
jammy released 1.22.2-2~22.04.3
noble released 1.22.2-2ubuntu0.4
oracular released 1.22.8-1ubuntu0.1
focal needs-triage -
questing DNE -
golang-1.23
Release Status Version
jammy needs-triage -
noble needs-triage -
upstream needs-triage -
oracular ignored end of life, was needs-triage
questing needs-triage -
plucky ignored end of life, was needs-triage
golang-1.24
Release Status Version
oracular DNE -
upstream needs-triage -
jammy needs-triage -
noble needs-triage -
questing needs-triage -
plucky ignored end of life, was needs-triage

Debian

Bug #1107390
golang-1.15
Release Status Fixed Version Urgency
bullseye vulnerable 1.15.15-1~deb11u4 -
(unstable) fixed (unfixed) -
golang-1.19
Release Status Fixed Version Urgency
bookworm vulnerable 1.19.8-2 -
(unstable) fixed (unfixed) -
golang-1.24
Release Status Fixed Version Urgency
trixie fixed 1.24.4-1 -
forky, sid fixed 1.24.13-2 -
(unstable) fixed 1.24.4-1 -
golang-1.23
Release Status Fixed Version Urgency
(unstable) fixed 1.23.10-1 -
