- Description
- os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
- Source
- security@golang.org
- NVD status
- Analyzed
- Products
- go
CVSS 3.1
- Type
- Secondary
- Base score
- 5.5
- Impact score
- 3.6
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
- nvd@nist.gov
- CWE-59
- Hype score
- Not currently trending
CVE-2025-0913 os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREA⦠https://t.co/Yup2PxEyWw
@CVEnew
11 Jun 2025
428 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
π URGENT: #openSUSE Leap 15.6 patches critical #GoLang vulnerabilities (CVE-2025-22874, CVE-2025-0913, CVE-2025-4673). π Impacts: β Certificate validation bypass β HTTP header leaks β Permission flaws Read more : πhttps://t.co/tD2CaU1AV8 https://t.co/GCarji7v1R
@Cezar_H_Linux
10 Jun 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
#Mageia9 patches 3 Golang CVEs: β Proxy-Auth header leaks (CVE-2025-4673) β Symlink handling flaws (CVE-2025-0913) β x509 policy bypass (CVE-2025-22874) Read more: π https://t.co/6AmFFJ5tkT #DevSecOps https://t.co/hzSlkXsB2B
@Cezar_H_Linux
10 Jun 2025
16 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
π Go 1.24.4 and 1.23.10 are released! π Security: Includes security fixes for CVE-2025-4673, CVE-2025-0913, and CVE-2025-22874 in net/http, os, and crypto/x509. π° Announcement: https://t.co/C3AeYy8ZX8 π¦ Download: https://t.co/5hObjouLtK #golang https://t.co/NyEeP3
@golang
5 Jun 2025
18043 Impressions
101 Retweets
443 Likes
26 Bookmarks
4 Replies
4 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E629E4E8-C3BF-4BCA-969A-7F88BB968232",
"versionEndExcluding": "1.23.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0925799A-339C-4155-ABC6-E772A0EB73B4",
"versionEndExcluding": "1.24.4",
"versionStartIncluding": "1.24.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
]