← Volver a CVEs
CVE-2025-22873
LOW3.8
Descripcion
It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.
Detalles CVE
Puntuacion CVSS v3.13.8
SeveridadLOW
Vector CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Vector de ataqueLOCAL
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado2/4/2026
Ultima modificacion2/10/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
golang:go
Debilidades (CWE)
CWE-23
Referencias
https://go.dev/cl/670036(security@golang.org)
https://go.dev/issue/73555(security@golang.org)
https://groups.google.com/g/golang-announce/c/UZoIkUT367A/m/5WDxKizJAQAJ(security@golang.org)
https://pkg.go.dev/vuln/GO-2026-4403(security@golang.org)
http://www.openwall.com/lists/oss-security/2025/05/06/2(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.