From 28153d4a55229bc1c9593f2e649d3dff15afba11 Mon Sep 17 00:00:00 2001
From: Naveen Sreeramachandra <naveen.sreeramachandra@broadcom.com>
Date: Wed, 14 Jan 2026 14:48:06 -0800
Subject: [PATCH] Update Go version to 1.25.5 to address CVE-2025-61729 (#3682)

CVE-2025-61729 (GO-2025-4155) is a high-severity vulnerability affecting
Go versions < 1.24.11 and 1.25.0-1.25.4. The vulnerability causes
excessive resource consumption in printing error strings for host
certificate validation.

This commit updates the Go version from 1.25.4 to 1.25.5, which includes
the fix for this CVE.

Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-61729
---
 go.mod | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/go.mod b/go.mod
index d50e02344c..0473a3c465 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module code.cloudfoundry.org/cli/v8
 
-go 1.25.4
+go 1.25.5
 
 require (
 	code.cloudfoundry.org/bytefmt v0.61.0