CVE-2025-0913

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

Affected Software

Name	Vendor	Start Version	End Version
Golang-1.10	Ubuntu	esm-infra-legacy/trusty	*
Golang-1.10	Ubuntu	esm-infra/bionic	*
Golang-1.10	Ubuntu	esm-infra/xenial	*
Golang-1.13	Ubuntu	esm-apps/bionic	*
Golang-1.13	Ubuntu	esm-apps/jammy	*
Golang-1.13	Ubuntu	esm-apps/xenial	*
Golang-1.13	Ubuntu	esm-infra/focal	*
Golang-1.13	Ubuntu	jammy	*
Golang-1.14	Ubuntu	esm-infra/focal	*
Golang-1.16	Ubuntu	esm-apps/bionic	*
Golang-1.16	Ubuntu	esm-apps/focal	*
Golang-1.17	Ubuntu	jammy	*
Golang-1.18	Ubuntu	esm-apps/bionic	*
Golang-1.18	Ubuntu	esm-apps/xenial	*
Golang-1.18	Ubuntu	jammy	*
Golang-1.20	Ubuntu	jammy	*
Golang-1.21	Ubuntu	esm-apps/noble	*
Golang-1.21	Ubuntu	jammy	*
Golang-1.21	Ubuntu	noble	*
Golang-1.22	Ubuntu	jammy	*
Golang-1.22	Ubuntu	noble	*
Golang-1.22	Ubuntu	oracular	*
Golang-1.23	Ubuntu	devel	*
Golang-1.23	Ubuntu	jammy	*
Golang-1.23	Ubuntu	noble	*
Golang-1.23	Ubuntu	oracular	*
Golang-1.23	Ubuntu	plucky	*
Golang-1.24	Ubuntu	devel	*
Golang-1.24	Ubuntu	plucky	*
Golang-1.6	Ubuntu	esm-infra/xenial	*
Golang-1.8	Ubuntu	esm-apps/bionic	*
Golang-1.9	Ubuntu	esm-apps/bionic	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-0913
CWE	https://cwe.mitre.org/data/definitions/.html

Affected Software

References