Update Go version to 1.25.5 to address CVE-2025-61729 (#3682) (#3689)

prkalle · navinms711 · web-flow · commit 6c83815d3c6b · 2026-01-31T20:32:24.000-08:00
CVE-2025-61729 (GO-2025-4155) is a high-severity vulnerability affecting Go versions < 1.24.11 and 1.25.0-1.25.4. The vulnerability causes excessive resource consumption in printing error strings for host certificate validation. This commit updates the Go version from 1.25.4 to 1.25.5, which includes the fix for this CVE. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-61729 Co-authored-by: Naveen Sreeramachandra <naveen.sreeramachandra@broadcom.com>
diff --git a/go.mod b/go.mod
@@ -1,6 +1,6 @@
 module code.cloudfoundry.org/cli/v8
 
-go 1.25.4
+go 1.25.5
 
 require (
 	code.cloudfoundry.org/bytefmt v0.61.0
