Issue with CVE-2025-22874 related to crypto/x509 go package used in nginx prometheus exporter

[sainikhil-1903]

Describe the bug
Issue with CVE-2025-22874 related to crypto/x509 go package used in nginx prometheus exporter.
Link to the CVE :
https://access.redhat.com/security/cve/cve-2025-22874
https://pkg.go.dev/vuln/GO-2025-3749

Expected behavior
Currently Go lang version used in 1.4.2 version is 1.24.2, CVE is fixed once Go lang version is upgraded to more than 1.24.4

Your environment

• Version of the Prometheus exporter - 1.4.2
• Using NGINX and NGINX Plus - both

Additional context
Add any other context about the problem here. Any log files you want to share.

[nginx-bot]

Hi @sainikhil-1903! Welcome to the project! 🎉

Thanks for opening this issue!
Be sure to check out our Contributing Guidelines and the Issue Lifecycle while you wait for someone on the team to take a look at this.

[bartoszkosiorek]

Another issue which will be solved with Go update to v1.24.4 is CVE-2025-4673: https://access.redhat.com/security/cve/cve-2025-4673

[AlexFenlon]

Go 1.25.0 has been released in v1.5.0 so the CVE should be solved