CVE-2025-47906
AI description
CVE-2025-47906 refers to a security vulnerability found in Go versions 1.24.6 and 1.23.12. Specifically, it affects the `os/exec` package. The vulnerability arises because the `LookPath` function might return unexpected paths if the PATH environment variable includes paths that are executable files instead of directories. Passing certain strings to LookPath ("", ".", and "..") could lead to the unexpected return of binaries listed in the PATH. Additionally, a separate vulnerability, CVE-2025-47907, was identified in the `database/sql` package. This issue involves incorrect results being returned from `Rows.Scan`. Cancelling a query during a call to the Scan method of the returned Rows can lead to a race condition, potentially overwriting expected results with those from another query if queries are made in parallel. This can cause Scan to return unexpected results or an error and is believed to affect most database/sql drivers.
- Description
- -
- Hype score
- Not currently trending
URGENT: Patch Go 1.24 now! CVE-2025-47906 (CVSS 4.0) & CVE-2025-47907 (CVSS 7.0) impact 35+ SUSE distros (Leap/SLES/SAP/HPC). Exploits allow path hijacking & DB corruption. Read more:๐ https://t.co/7SlwnaLWqA #Security #SUSE https://t.co/4a7foJYyrP
@Cezar_H_Linux
12 Aug 2025
57 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
URGENT: @openSUSE Tumbleweed patches 2x Golang vulns (CVE-2025-47906/47907). Read more:๐https://t.co/bbjTRTCU56 #Security https://t.co/CkguvznurX
@Cezar_H_Linux
10 Aug 2025
24 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
๐ Go 1.24.6 and 1.23.12 are released! ๐ Security: Includes security fixes for os/exec (CVE-2025-47906) and database/sql (CVE-2025-47907). ๐ข Announcement: https://t.co/o2LJKjXYvP โฌ๏ธ Download: https://t.co/ffHEmehO2d #golang https://t.co/4MF9a7DSL7
@golang
6 Aug 2025
17624 Impressions
84 Retweets
350 Likes
19 Bookmarks
0 Replies
2 Quotes