← Back to CVEs

CVE-2025-47907

HIGH

7.0

Description

Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.

CVE Details

CVSS v3.1 Score7.0

SeverityHIGH

CVSS VectorCVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Attack VectorNETWORK

ComplexityHIGH

Privileges RequiredNONE

User InteractionNONE

Published8/7/2025

Last Modified1/29/2026

Sourcenvd

Honeypot Sightings0

Affected Products

golang:go

Weaknesses (CWE)

CWE-362

References

https://go.dev/cl/693735(security@golang.org)

https://go.dev/issue/74831(security@golang.org)

https://groups.google.com/g/golang-announce/c/x5MKroML2yM(security@golang.org)

https://pkg.go.dev/vuln/GO-2025-3849(security@golang.org)

http://www.openwall.com/lists/oss-security/2025/08/06/1(af854a3a-2127-422b-91ae-364da2661108)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.