CVE-2025-22873

medium

Description

The vulnerability exists due to a flaw in the Go programming language's OS package, where the Root function fails to properly restrict access to parent directories. This allows processes with root privileges to bypass intended directory boundaries and access parent directories, violating expected security constraints.

Details

Source: Mitre, NVD

Published: 2025-05-08

Risk Information

CVSS v2

Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N

Severity: Low

CVSS v3

Base Score: 4.4

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Severity: Medium

Detections

Analytics