This is a PRIVATE issue for CVE-2025-4674, tracked in http://b/396467515 and fixed by https://go-internal-review.git.corp.google.com/c/go/+/2400.
/cc @golang/security and @golang/release
Comment From: rolandshoemaker
@gopherbot please open backport issues for this.
Comment From: gopherbot
Backport issue(s) opened: #74381 (for 1.23), #74382 (for 1.24).
Remember to create the cherry-pick CL(s) as soon as the patch is submitted to master, according to https://go.dev/wiki/MinorReleases.