CVE-2025-22873

Опубликовано: 04 фев. 2026

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 3.8

Описание

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.

Релиз	Статус	Примечание
devel	not-affected	Vulnerable code only present in 1.24.x releases
esm-apps/jammy	not-affected	Vulnerable code only present in 1.24.x releases
esm-apps/noble	not-affected	Vulnerable code only present in 1.24.x releases
esm-infra/focal	DNE
focal	DNE
jammy	not-affected	Vulnerable code only present in 1.24.x releases
noble	not-affected	Vulnerable code only present in 1.24.x releases
oracular	not-affected	Vulnerable code only present in 1.24.x releases
plucky	not-affected	Vulnerable code only present in 1.24.x releases
questing	not-affected	Vulnerable code only present in 1.24.x releases

Показывать по

Релиз	Статус	Примечание
devel	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-infra/focal	DNE
focal	DNE
jammy	needs-triage
noble	needs-triage
oracular	DNE
plucky	ignored	end of life, was needs-triage
questing	needs-triage

Показывать по

Ссылки на источники

EPSS

Процентиль: 0%

0.00004

Низкий

3.8 Low

CVSS3

Связанные уязвимости

CVE-2025-22873

CVSS3: 5.3

redhat

около 2 месяцев назад

CVE-2025-22873

CVSS3: 3.8

nvd

около 2 месяцев назад

CVE-2025-22873

CVSS3: 3.8

debian

около 2 месяцев назад

It was possible to improperly access the parent directory of an os.Roo ...

SUSE-SU-2025:1551-1

suse-cvrf

11 месяцев назад

Security update for go1.24

SUSE-SU-2025:01551-1

suse-cvrf

10 месяцев назад

Security update for go1.24

EPSS

Процентиль: 0%

0.00004

Низкий

3.8 Low

CVSS3

CVE-2025-22873

Описание

Пакет golang-1.23

Пакет golang-1.24

Ссылки на источники

Связанные уязвимости