CVE-2025-61732

high

Description

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

References

https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61732.json

https://pkg.go.dev/vuln/GO-2026-4433

https://groups.google.com/g/golang-announce/c/K09ubi9FQFk

https://go.dev/issue/76697

https://go.dev/cl/734220

https://bugzilla.redhat.com/show_bug.cgi?id=2437016

https://access.redhat.com/security/cve/CVE-2025-61732

https://access.redhat.com/errata/RHSA-2026:8448

https://access.redhat.com/errata/RHSA-2026:7385

https://access.redhat.com/errata/RHSA-2026:7291

https://access.redhat.com/errata/RHSA-2026:5952

https://access.redhat.com/errata/RHSA-2026:5950

https://access.redhat.com/errata/RHSA-2026:5948

https://access.redhat.com/errata/RHSA-2026:5878

https://access.redhat.com/errata/RHSA-2026:4434

https://access.redhat.com/errata/RHSA-2026:3855

https://access.redhat.com/errata/RHSA-2026:3559

https://access.redhat.com/errata/RHSA-2026:3556

https://access.redhat.com/errata/RHSA-2026:3489

https://access.redhat.com/errata/RHSA-2026:3473

https://access.redhat.com/errata/RHSA-2026:3472

https://access.redhat.com/errata/RHSA-2026:3471

https://access.redhat.com/errata/RHSA-2026:3470

https://access.redhat.com/errata/RHSA-2026:3469

https://access.redhat.com/errata/RHSA-2026:3468

https://access.redhat.com/errata/RHSA-2026:3193

https://access.redhat.com/errata/RHSA-2026:3192

https://access.redhat.com/errata/RHSA-2026:2844

https://access.redhat.com/errata/RHSA-2026:2709

https://access.redhat.com/errata/RHSA-2026:2708

https://access.redhat.com/errata/RHSA-2026:2706

https://access.redhat.com/errata/RHSA-2026:21691

https://access.redhat.com/errata/RHSA-2026:17598

https://access.redhat.com/errata/RHSA-2026:15091

https://access.redhat.com/errata/RHSA-2026:14774

https://access.redhat.com/errata/RHSA-2026:14100

https://access.redhat.com/errata/RHSA-2026:12282

https://access.redhat.com/errata/RHSA-2026:10104

Details

Source: Mitre, NVD

Published: 2026-02-05

Updated: 2026-07-14

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 7.4

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00013