CVE-2025-61731
AI description
CVE-2025-61731 describes a vulnerability within the `cmd/go` component of the Go programming language. This flaw involves a bypass of the `CgoPkgConfig` flag. The bypass associated with the `CgoPkgConfig` flag can result in arbitrary code execution. This issue was identified and reported by RyotaK of GMO Flatt Security.
- Description
- -
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
30
π₯³ Go 1.26 Release Candidate 2 is released! π Security: Includes security fixes for archive/zip (CVE-2025-61728), net/http (CVE-2025-61726), crypto/tls (CVE-2025-68121, CVE-2025-61730), cmd/go (CVE-2025-61731, CVE-2025-68119). πββοΈ Run it in dev! Run it in prod! F
@golang
15 Jan 2026
22045 Impressions
52 Retweets
423 Likes
30 Bookmarks
4 Replies
2 Quotes
π Go 1.25.6 and 1.24.12 are released! π Security: Includes security fixes for archive/zip (CVE-2025-61728), net/http (CVE-2025-61726), crypto/tls (CVE-2025-68121, CVE-2025-61730), cmd/go (CVE-2025-61731, CVE-2025-68119). π£ Announcement: https://t.co/seVA1REoeH π¦ Do
@golang
15 Jan 2026
14651 Impressions
53 Retweets
279 Likes
26 Bookmarks
4 Replies
3 Quotes
A Go release scheduled for Thursday, Jan 15th covering CVE-2025-61728 CVE-2025-61726 CVE-2025-68121 CVE-2025-61731 CVE-2025-68119, all currently embargoed. Reports of an SSH 0-day, in context of Go's crypto/ssh module.βββ£ββ£ββββββ£β£βββββ£ββ£β£
@_mattata
13 Jan 2026
327 Impressions
0 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes