CVE-2025-22873

ADVISORY - nist

Summary

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-noinfo⁠

Impacted images

Advisories

GoLang

CREATED

5 hours ago

UPDATED

5 hours ago

ADVISORY IDGO-2026-4403⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
stdlib	golang	-	-	>=1.24.0-0,<1.24.3	1.24.3
stdlib	golang	-	-	<1.23.9	1.23.9

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

5 hours ago

UPDATED

5 hours ago

ADVISORY IDCVE-2025-22873⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-noinfo⁠

RATING UNAVAILABLE FROM ADVISORY

Alpine

CREATED

9 months ago

UPDATED

4 days ago

ADVISORY IDCVE-2025-22873⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

9 months ago

UPDATED

5 days ago

ADVISORY IDCVE-2025-22873⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

9 months ago

UPDATED

20 days ago

ADVISORY IDCVE-2025-22873⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Amazon

CREATED

9 months ago

UPDATED

8 months ago

ADVISORY IDALAS2023-2025-977⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium