CVE-2025-61732

Published Feb 5, 2026

Last updated 4 days ago

CVSS high 8.6

Overview

AI description

Automated description summarized from trusted sources.

I am unable to provide a description for CVE-2025-61732 based on popular articles, as no information regarding this specific CVE was found in the search results. It is possible that the CVE number is incorrect, or it has not yet been widely reported or published.

Description
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
Source
security@golang.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
8.6
Impact score
6
Exploitability score
1.8
Vector string
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Severity
HIGH

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-94

Social media

Hype score
Not currently trending

  1. Go 1.25.7, 1.24.13 fix 2 CVEs https://t.co/bf31PXLyCI CVE-2025-61732: cmd/cgo: Discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the cgo binary CVE-2025-68121: crypto/tls: Unexpected session resumption when using Config.GetConfigForClient

    @oss_security

    8 Feb 2026

    355 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. ๐Ÿšจ CVE-2025-61732 : GO CGO BUILD-TIME CODE INJECTION ALERT ๐Ÿšจ A high-severity build-time code injection vulnerability has been disclosed in Goโ€™s cgo toolchain, allowing attackers to smuggle malicious C/C++ code inside comments that execute during compilation, completely

    @OstorlabSec

    6 Feb 2026

    46 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  3. [CVE-2025-61732: HIGH] A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.#cve,CVE-2025-61732,#cybersecurity https://t.co/FVI59rzvWe

    @CveFindCom

    5 Feb 2026

    72 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  4. ๐ŸŸ  CVE-2025-61732 - High A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. https://t.co/BzPIeGG7I2 https://t.co/9Ua9pFQExa

    @TheHackerWire

    5 Feb 2026

    47 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2025-61732 A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary. https://t.co/uDbk6eiG9g

    @CVEnew

    5 Feb 2026

    7 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. ๐ŸŽ‰ Go 1.25.7 and 1.24.13 are released! ๐Ÿ” Security: Includes a security fix for cmd/cgo (CVE-2025-61732) and an update for crypto/tls (CVE-2025-68121). ๐Ÿ—ฃ Announcement: https://t.co/gn4BwmFBh4 ๐Ÿ“ฆ Download: https://t.co/cZRQix5aeM #golang https://t.co/NnF8ayxKrK

    @golang

    4 Feb 2026

    12719 Impressions

    44 Retweets

    308 Likes

    18 Bookmarks

    2 Replies

    2 Quotes

References

Sources include official advisories and independent security research.