Home > Vulnerability Database > CVE-2025-47906

Mend.io Vulnerability Database

CVE-2025-47906

Good to know:

Date: September 18, 2025

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

Severity Score

6.5

Related Resources (6)

Url: https://groups.google.com/g/golang-announce/c/x5MKroML2yM

Url: https://go.dev/cl/691775

Url: https://pkg.go.dev/vuln/GO-2025-3956

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-47906

Url: https://go.dev/issue/74466

Url: https://www.mend.io/vulnerability-database/CVE-2025-47906

Severity Score

6.5

Weakness Type (CWE)

Improper Check for Unusual or Exceptional Conditions

CWE-754

Top Fix

Upgrade Version

Upgrade to version github.com/golang/go - go1.23.12;github.com/golang/go - go1.24.6

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-47906

Good to know:

Date: September 18, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?