CVE-2025-61732 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	8.6 HIGH	LOCAL	LOW	NONE	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: Unknown

Affected Products (NVD)

Vendor	Product	Version
golang	go	𝑥 < 1.24.13
golang	go	1.25.0 ≤ 𝑥 < 1.25.7

𝑥

= Vulnerable software versions

Red Hat Enterprise Linux Releases

Red Hat Product

Release

go-toolset

RHEL 9

0:1.25.7-1.el9_7

fixed

golang

RHEL 9

0:1.25.7-1.el9_7

fixed

golang-bin

RHEL 9

0:1.25.7-1.el9_7

fixed

golang-docs

RHEL 9

0:1.25.7-1.el9_7

fixed

golang-misc

RHEL 9

0:1.25.7-1.el9_7

fixed

golang-race

RHEL 9

0:1.25.7-1.el9_7

fixed

golang-src

RHEL 9

0:1.25.7-1.el9_7

fixed

golang-tests

RHEL 9

0:1.25.7-1.el9_7

fixed

Common Weakness Enumeration

CWE-94 - Improper Control of Generation of Code ('Code Injection')
The software constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

Vulnerability Media Exposure

[GERMAN] Splunk Splunk Enterprise: Mehrere Schwachstellen
Ein Angreifer kann mehrere Schwachstellen in Splunk Splunk Enterprise ausnutzen, um Sicherheitsvorkehrungen zu umgehen, Daten zu manipulieren, vertrauliche Informationen offenzulegen oder einen Denial-of-Service-Zustand zu verursachen.
Published: 2026-05-20T22:00:00+00:00

References

https://go.dev/cl/734220

https://go.dev/issue/76697

https://groups.google.com/g/golang-announce/c/K09ubi9FQFk

https://pkg.go.dev/vuln/GO-2026-4433