CVE-2025-0913NVD

Vulnerability Summary

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

Severity Level

MEDIUM(5.5)

Published Date

Jun 11, 2025

Last Modified

Aug 8, 2025

Exploitation Status

????

EPSS Score (30-Day)

Data Pending

Root Weakness (CWE)

CWE-59: Unknown/Unlisted Weakness ↗

Refer to the official MITRE database for detailed architectural specifications regarding this weakness.

CVSS v3.1 Base Metrics

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredLow

User InteractionNone

ScopeUnchanged

ConfidentialityNone

IntegrityHigh

AvailabilityNone

External References

https://go.dev/cl/672396
https://go.dev/issue/73702
https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A
https://pkg.go.dev/vuln/GO-2025-3750

Critical Alert 1 Active Exploit Detected Today

CVE Watchtower

CVE-2025-0913NVD

Vulnerability Summary

External References