CVE-2025-8959

Опубликовано: 15 авг. 2025

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.

Ссылки

https://discuss.hashicorp.com/t/hcsec-2025-23-hashicorp-go-getter-vulnerable-to-arbitrary-read-through-symlink-attack/76242

EPSS

Процентиль: 18%

0.00057

Низкий

7.5 High

CVSS3

Дефекты

CWE-59

Связанные уязвимости

CVE-2025-8959

CVSS3: 7.5

redhat

11 дней назад

No description is available for this CVE.

CVE-2025-8959

CVSS3: 7.5

debian

11 дней назад

HashiCorp's go-getter library subdirectory download feature is vulnera ...

GHSA-wjrx-6529-hcj3

CVSS3: 7.5

github

11 дней назад

EPSS

Процентиль: 18%

0.00057

Низкий

7.5 High

CVSS3

Дефекты

CWE-59