diff --git a/.changelog/3341.internal.md b/.changelog/3341.internal.md
new file mode 100644
index 00000000000..dc762107745
--- /dev/null
+++ b/.changelog/3341.internal.md
@@ -0,0 +1 @@
+go/dependencies/etcd: update etcd with replace directive
diff --git a/go/.nancy-ignore b/go/.nancy-ignore
index 0bae8644072..e69de29bb2d 100644
--- a/go/.nancy-ignore
+++ b/go/.nancy-ignore
@@ -1,5 +0,0 @@
-# Beats me how and why etcd is even imported in viper.
-# https://github.com/spf13/viper/issues/956
-CVE-2020-15114
-CVE-2020-15136
-CVE-2020-15115
diff --git a/go/go.mod b/go/go.mod
index 6079d022ca0..b3bb46bdf49 100644
--- a/go/go.mod
+++ b/go/go.mod
@@ -1,6 +1,10 @@
 module github.com/oasisprotocol/oasis-core/go
 
 replace (
+	// Fixes vulnerabilities in etcd v3.3.{10,13} (dependencies via viper).
+	// Can be removed once there is a spf13/viper release with updated etcd.
+	// https://github.com/spf13/viper/issues/956
+	github.com/coreos/etcd => github.com/coreos/etcd v3.3.25+incompatible
 	// Updates the version used in spf13/cobra (dependency via tendermint) as
 	// there is no release yet with the fix. Remove once an updated release of
 	// spf13/cobra exists and tendermint is updated to include it.
diff --git a/go/go.sum b/go/go.sum
index 09086e00deb..a8de4d3ab99 100644
--- a/go/go.sum
+++ b/go/go.sum
@@ -114,8 +114,7 @@ github.com/cockroachdb/datadriven v0.0.0-20190809214429-80d97fb3cbaa/go.mod h1:z
 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd h1:qMd81Ts1T2OTKmB4acZcyKaMtRnY5Y44NuXGX2GFJ1w=
 github.com/codahale/hdrhistogram v0.0.0-20161010025455-3a0bb77429bd/go.mod h1:sE/e/2PUdi/liOCUjSTXgM1o87ZssimdTWN964YiIeI=
 github.com/coreos/bbolt v1.3.2/go.mod h1:iRUV2dpdMOn7Bo10OQBFzIJO9kkE559Wcmn+qkEiiKk=
-github.com/coreos/etcd v3.3.10+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
-github.com/coreos/etcd v3.3.13+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
+github.com/coreos/etcd v3.3.25+incompatible/go.mod h1:uF7uidLiAD3TWHmW31ZFd/JWoc32PjwdhPthX9715RE=
 github.com/coreos/go-etcd v2.0.0+incompatible/go.mod h1:Jez6KQU2B/sWsbdaef3ED8NzMklzPG4d5KIOhIy30Tk=
 github.com/coreos/go-semver v0.2.0/go.mod h1:nnelYz7RCh+5ahJtPPxZlU+153eP4D4r3EedlOD2RNk=
 github.com/coreos/go-semver v0.3.0 h1:wkHLiw0WNATZnSG7epLsujiMCgPAc9xhjJ4tgnAxmfM=