VDB
CVE-2025-0913
CVE-2025-0913
PUBLISHED
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
EPSS 0.04% · 12.3th percentile
Risk Scores
EPSS Score
0.04%
12.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | golang | 1.24.0-0, 0 |
| Bitnami | golang | 0, 1.24.0-0 |
Timeline
- Jun 1, 2025 CVE Published
- Jun 11, 2025 Coalition ESS Score
- Jun 12, 2025 EPSS Score
- Jun 12, 2025 Coalition ESS Score
- Jun 22, 2025 EPSS Score
- Jul 3, 2025 EPSS Score
- Jul 13, 2025 EPSS Score
- Jul 23, 2025 Coalition ESS Score
- Jul 24, 2025 EPSS Score
- Jul 30, 2025 Coalition ESS Score
- Aug 3, 2025 EPSS Score
- Aug 8, 2025 Coalition ESS Score
References
- https://go.dev/cl/672396 url
- https://go.dev/issue/73702 url
- https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A url
- https://nvd.nist.gov/vuln/detail/CVE-2025-0913 url
- https://pkg.go.dev/vuln/GO-2025-3750 url
- Multiples vulnérabilités dans les produits Splunk advisory
- Multiples vulnérabilités dans les produits VMware advisory
- Multiples vulnérabilités dans VMware Tanzu advisory