CVE Vulnerabilities

CVE-2025-0913

Published: Jun 11, 2025 | Modified: Jun 12, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
root.io minimus.io echohq.com

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

Affected Software

Name Vendor Start Version End Version
Golang-1.10 Ubuntu esm-infra-legacy/trusty *
Golang-1.10 Ubuntu esm-infra/bionic *
Golang-1.10 Ubuntu esm-infra/xenial *
Golang-1.13 Ubuntu esm-apps/bionic *
Golang-1.13 Ubuntu esm-apps/jammy *
Golang-1.13 Ubuntu esm-apps/xenial *
Golang-1.13 Ubuntu esm-infra/focal *
Golang-1.13 Ubuntu jammy *
Golang-1.14 Ubuntu esm-infra/focal *
Golang-1.16 Ubuntu esm-apps/bionic *
Golang-1.16 Ubuntu esm-apps/focal *
Golang-1.17 Ubuntu jammy *
Golang-1.18 Ubuntu esm-apps/bionic *
Golang-1.18 Ubuntu esm-apps/xenial *
Golang-1.18 Ubuntu jammy *
Golang-1.20 Ubuntu jammy *
Golang-1.21 Ubuntu esm-apps/noble *
Golang-1.21 Ubuntu jammy *
Golang-1.21 Ubuntu noble *
Golang-1.22 Ubuntu jammy *
Golang-1.22 Ubuntu noble *
Golang-1.22 Ubuntu oracular *
Golang-1.23 Ubuntu devel *
Golang-1.23 Ubuntu jammy *
Golang-1.23 Ubuntu noble *
Golang-1.23 Ubuntu oracular *
Golang-1.23 Ubuntu plucky *
Golang-1.24 Ubuntu devel *
Golang-1.24 Ubuntu plucky *
Golang-1.6 Ubuntu esm-infra/xenial *
Golang-1.8 Ubuntu esm-apps/bionic *
Golang-1.9 Ubuntu esm-apps/bionic *

References