Home > Vulnerability Database > CVE-2025-47907

Mend.io Vulnerability Database

CVE-2025-47907

Good to know:

Date: August 7, 2025

Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.

Severity Score

7.0

Related Resources (6)

Url: https://groups.google.com/g/golang-announce/c/x5MKroML2yM

Url: https://pkg.go.dev/vuln/GO-2025-3849

Url: https://go.dev/cl/693735

Url: https://go.dev/issue/74831

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-47907

Url: https://www.mend.io/vulnerability-database/CVE-2025-47907

Severity Score

7.0

Weakness Type (CWE)

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-362

Top Fix

Upgrade Version

Upgrade to version github.com/golang/go - go1.23.12;github.com/golang/go - go1.24.6

Learn More

CVSS v3.1

Base Score:	7.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2025-47907

Good to know:

Date: August 7, 2025

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?