CVE-2025-22873

Golang

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-22873 refers to a vulnerability in the tokenizer that incorrectly interprets tags. Specifically, it affects tags with unquoted attribute values ending with a solidus character (/). This can lead to the tags being incorrectly marked as self-closing. When using the Parse functions, content following such tags might be placed in the wrong scope during DOM construction. However, this only occurs when the tags are in foreign content contexts such as `<math>` or `<svg>`.

Description: -

Hype score: Not currently trending

🥳 Go 1.24.3 and 1.23.9 are released! 🔒 Security: Includes a security fix for os (CVE-2025-22873). 📢 Announcement: https://t.co/NSlb8YpByl 📦 Download: https://t.co/kdscQdOrVL #golang https://t.co/DCpPjhDopW
@golang
6 May 2025
23298 Impressions
123 Retweets
530 Likes
26 Bookmarks
3 Replies
6 Quotes

References

Sources include official advisories and independent security research.

https://www.cve.org/CVERecord?id=CVE-2025-22873

Overview

AI description

Social media

References