CVE-2025-47907

High

Description

Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can produce unexpected results if other queries are being made in parallel. This can lead to a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.

References

https://pkg.go.dev/vuln/GO-2025-3849

https://groups.google.com/g/golang-announce/c/x5MKroML2yM

https://go.dev/issue/74831

https://go.dev/cl/693735

Details

Source: Mitre, NVD

Published: 2025-08-07

Updated: 2025-08-07

Risk Information

CVSS v2

Base Score: 6.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:C/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Severity: High

EPSS

EPSS: 0.00041