CVE-2025-61732

EUVD-2025-206866
A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.6 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 37%
Affected Products (NVD)
VendorProductVersion
golanggo
𝑥
< 1.24.13
golanggo
1.25.0 ≤
𝑥
< 1.25.7
𝑥
= Vulnerable software versions
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
go-toolset
RHEL 9
0:1.25.7-1.el9_7
fixed
golang
RHEL 9
0:1.25.7-1.el9_7
fixed
golang-bin
RHEL 9
0:1.25.7-1.el9_7
fixed
golang-docs
RHEL 9
0:1.25.7-1.el9_7
fixed
golang-misc
RHEL 9
0:1.25.7-1.el9_7
fixed
golang-race
RHEL 9
0:1.25.7-1.el9_7
fixed
golang-src
RHEL 9
0:1.25.7-1.el9_7
fixed
golang-tests
RHEL 9
0:1.25.7-1.el9_7
fixed
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
golang
Amazon Linux 2
0:1.24.13-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.24.13-1.amzn2023.0.1
fixed
golang-bin
Amazon Linux 2
0:1.24.13-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.24.13-1.amzn2023.0.1
fixed
golang-docs
Amazon Linux 2
0:1.24.13-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.24.13-1.amzn2023.0.1
fixed
golang-misc
Amazon Linux 2
0:1.24.13-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.24.13-1.amzn2023.0.1
fixed
golang-shared
Amazon Linux 2
0:1.24.13-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.24.13-1.amzn2023.0.1
fixed
golang-src
Amazon Linux 2
0:1.24.13-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.24.13-1.amzn2023.0.1
fixed
golang-tests
Amazon Linux 2
0:1.24.13-1.amzn2.0.1
fixed
Amazon Linux 2023
0:1.24.13-1.amzn2023.0.1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
golang
Azure Linux 3.0
0:0.0.0.azl3
fixed
References