Golang: stdlib: security update to 1.23.12, stdlib: security update to 1.24.6

medium Tenable Cloud Security Plugin ID 435374

Description

There are packages installed that are affected by multiple vulnerabilities referenced in the following CVEs:

- If the PATH environment variable contains entries that are executables (rather than just directories),
passing certain strings to LookPath ("", ".", and "..") can result in the binaries listed in the PATH
being unexpectedly returned. (CVE-2025-47906)

See Also

https://pkg.go.dev/vuln/GO-2025-3956

Plugin Details

Severity: Medium

ID: 435374

Version: Revision 1.12

Type: Local

Family: Golang

Published: 9/19/2025

Updated: 2/6/2026

Risk Information

VPR

Risk Factor: Low

Score: 3.3

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2025-47906

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/18/2025

Vulnerability Publication Date: 8/14/2025

Reference Information

CVE: CVE-2025-47906