CVE-2025-8959

Опубликовано: 15 авг. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.

Ссылки

https://discuss.hashicorp.com/t/hcsec-2025-23-hashicorp-go-getter-vulnerable-to-arbitrary-read-through-symlink-attack/76242

EPSS

Процентиль: 4%

0.0002

Низкий

7.5 High

CVSS3

Дефекты

CWE-59

Связанные уязвимости

CVE-2025-8959

CVSS3: 7.5

ubuntu

2 месяца назад

CVE-2025-8959

CVSS3: 7.5

redhat

2 месяца назад

CVE-2025-8959

CVSS3: 7.5

debian

2 месяца назад

HashiCorp's go-getter library subdirectory download feature is vulnera ...

GHSA-wjrx-6529-hcj3

CVSS3: 7.5

github

2 месяца назад

HashiCorp go-getter Vulnerable to Symlink Attacks

EPSS

Процентиль: 4%

0.0002

Низкий

7.5 High

CVSS3

Дефекты

CWE-59