AI description
CVE-2025-0913 is associated with multiple vulnerabilities across different software. One vulnerability affects the Slider & Popup Builder by Depicter plugin for WordPress. Specifically, it is a generic SQL Injection vulnerability present in versions up to and including 3.6.1. The vulnerability lies in the 's' parameter due to insufficient escaping of user-supplied input and inadequate preparation of the existing SQL query. Another vulnerability, CVE-2025-0913, is found in Ashlar-Vellum Cobalt related to CO file parsing. This use-after-free vulnerability allows remote attackers to execute arbitrary code on affected installations. Exploitation requires user interaction, such as opening a malicious file. The flaw stems from the lack of validation of an object's existence before operations are performed on it.
- Description: os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
- Source: security@golang.org
- NVD status: Awaiting Analysis
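A defensive wrapper for the behaviour in the description above, as an added example that is not code from this page or from the Go project: it refuses to create a file when the final path component is a symlink, whatever the platform. `CreateExclusive`, `ErrSymlink`, `DanglingLinkDemo` and the file names are hypothetical, and the dangling link is constructed in a temporary directory.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
)

// ErrSymlink is returned when the path to create is itself a symbolic link.
var ErrSymlink = errors.New("refusing to create file through a symlink")

// CreateExclusive (hypothetical helper) rejects a path whose final component
// is a symlink, dangling or not, before calling OpenFile with O_CREATE|O_EXCL.
// The Lstat check is defence in depth: it narrows, but does not close, the gap.
func CreateExclusive(path string, perm os.FileMode) (*os.File, error) {
	if fi, err := os.Lstat(path); err == nil && fi.Mode()&os.ModeSymlink != 0 {
		return nil, fmt.Errorf("%s: %w", path, ErrSymlink)
	} else if err != nil && !errors.Is(err, os.ErrNotExist) {
		return nil, err
	}
	return os.OpenFile(path, os.O_WRONLY|os.O_CREATE|os.O_EXCL, perm)
}

// DanglingLinkDemo builds the constructed scenario: "report.txt" is a symlink
// to a nonexistent "outside.txt". It reports whether the helper refused the
// link and whether the link target was created; err covers setup failures.
func DanglingLinkDemo() (bool, bool, error) {
	dir, err := os.MkdirTemp("", "cve-2025-0913-")
	if err != nil {
		return false, false, err
	}
	defer os.RemoveAll(dir)
	target, link := filepath.Join(dir, "outside.txt"), filepath.Join(dir, "report.txt")
	if err := os.Symlink(target, link); err != nil {
		return false, false, err
	}
	f, openErr := CreateExclusive(link, 0o600)
	if openErr == nil {
		f.Close()
	}
	_, statErr := os.Lstat(target)
	return errors.Is(openErr, ErrSymlink), statErr == nil, nil
}

func main() {
	refused, created, err := DanglingLinkDemo()
	fmt.Println("refused:", refused, "target created:", created, "setup error:", err)
}
```

Because the check and the open are two separate system calls, a link swapped in between them is not caught, so running on a Go release that carries the fix remains the actual remediation.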
CVSS 3.1
- Type: Secondary
- Base score: 5.5
- Impact score: 3.6
- Exploitability score: 1.8
- Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- Severity: MEDIUM
- Hype score: Not currently trending
CVE-2025-0913 os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREA… https://t.co/Yup2PxEyWw
@CVEnew
11 Jun 2025
🚀 URGENT: #openSUSE Leap 15.6 patches critical #GoLang vulnerabilities (CVE-2025-22874, CVE-2025-0913, CVE-2025-4673). 🔐 Impacts: ✔ Certificate validation bypass ✔ HTTP header leaks ✔ Permission flaws Read more : 👇https://t.co/tD2CaU1AV8 https://t.co/GCarji7v1R
@Cezar_H_Linux
10 Jun 2025
#Mageia9 patches 3 Golang CVEs: ✅ Proxy-Auth header leaks (CVE-2025-4673) ✅ Symlink handling flaws (CVE-2025-0913) ✅ x509 policy bypass (CVE-2025-22874) Read more: 👉 https://t.co/6AmFFJ5tkT #DevSecOps https://t.co/hzSlkXsB2B
@Cezar_H_Linux
10 Jun 2025
🎆 Go 1.24.4 and 1.23.10 are released! 🔐 Security: Includes security fixes for CVE-2025-4673, CVE-2025-0913, and CVE-2025-22874 in net/http, os, and crypto/x509. 📰 Announcement: https://t.co/C3AeYy8ZX8 📦 Download: https://t.co/5hObjouLtK #golang https://t.co/NyEeP3
@golang
5 Jun 2025