Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-4673 (GCVE-0-2025-4673)
Vulnerability from cvelistv5 – Published: 2025-06-11 16:42 – Updated: 2025-06-11 17:59
VLAI
EPSS
Title
Sensitive headers not cleared on cross-origin redirect in net/http
Summary
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
Severity
6.8 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-201 - Insertion of Sensitive Information Into Sent Data
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Go standard library | net/http |
Affected:
0 , < 1.23.10
(semver)
Affected: 1.24.0-0 , < 1.24.4 (semver) |
Credits
Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.)
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-4673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T17:59:02.225500Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T17:59:48.033Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "Client.makeHeadersCopier"
},
{
"name": "Client.Do"
},
{
"name": "Client.Get"
},
{
"name": "Client.Head"
},
{
"name": "Client.Post"
},
{
"name": "Client.PostForm"
},
{
"name": "Get"
},
{
"name": "Head"
},
{
"name": "Post"
},
{
"name": "PostForm"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.23.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.24.4",
"status": "affected",
"version": "1.24.0-0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.)"
}
],
"descriptions": [
{
"lang": "en",
"value": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-201: Insertion of Sensitive Information Into Sent Data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-11T16:42:53.054Z",
"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"shortName": "Go"
},
"references": [
{
"url": "https://go.dev/cl/679257"
},
{
"url": "https://go.dev/issue/73816"
},
{
"url": "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A"
},
{
"url": "https://pkg.go.dev/vuln/GO-2025-3751"
}
],
"title": "Sensitive headers not cleared on cross-origin redirect in net/http"
}
},
"cveMetadata": {
"assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc",
"assignerShortName": "Go",
"cveId": "CVE-2025-4673",
"datePublished": "2025-06-11T16:42:53.054Z",
"dateReserved": "2025-05-13T23:30:53.327Z",
"dateUpdated": "2025-06-11T17:59:48.033Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-4673",
"date": "2026-06-20",
"epss": "0.0056",
"percentile": "0.42122"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-4673\",\"sourceIdentifier\":\"security@golang.org\",\"published\":\"2025-06-11T17:15:42.993\",\"lastModified\":\"2025-06-12T16:06:20.180\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.\"},{\"lang\":\"es\",\"value\":\"Los encabezados Proxy-Authorization y Proxy-Authenticate persistieron en redirecciones de origen cruzado, lo que potencialmente filtr\u00f3 informaci\u00f3n confidencial.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\",\"baseScore\":6.8,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":4.0}]},\"references\":[{\"url\":\"https://go.dev/cl/679257\",\"source\":\"security@golang.org\"},{\"url\":\"https://go.dev/issue/73816\",\"source\":\"security@golang.org\"},{\"url\":\"https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A\",\"source\":\"security@golang.org\"},{\"url\":\"https://pkg.go.dev/vuln/GO-2025-3751\",\"source\":\"security@golang.org\"}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 6.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-4673\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-11T17:59:02.225500Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-11T17:59:18.551Z\"}}], \"cna\": {\"title\": \"Sensitive headers not cleared on cross-origin redirect in net/http\", \"credits\": [{\"lang\": \"en\", \"value\": \"Takeshi Kaneko (GMO Cybersecurity by Ierae, Inc.)\"}], \"affected\": [{\"vendor\": \"Go standard library\", \"product\": \"net/http\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"1.23.10\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"1.24.0-0\", \"lessThan\": \"1.24.4\", \"versionType\": \"semver\"}], \"packageName\": \"net/http\", \"collectionURL\": \"https://pkg.go.dev\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"Client.makeHeadersCopier\"}, {\"name\": \"Client.Do\"}, {\"name\": \"Client.Get\"}, {\"name\": \"Client.Head\"}, {\"name\": \"Client.Post\"}, {\"name\": \"Client.PostForm\"}, {\"name\": \"Get\"}, {\"name\": \"Head\"}, {\"name\": \"Post\"}, {\"name\": \"PostForm\"}]}], \"references\": [{\"url\": \"https://go.dev/cl/679257\"}, {\"url\": \"https://go.dev/issue/73816\"}, {\"url\": \"https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A\"}, {\"url\": \"https://pkg.go.dev/vuln/GO-2025-3751\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"description\": \"CWE-201: Insertion of Sensitive Information Into Sent Data\"}]}], \"providerMetadata\": {\"orgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"shortName\": \"Go\", \"dateUpdated\": \"2025-06-11T16:42:53.054Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-4673\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-06-11T17:59:48.033Z\", \"dateReserved\": \"2025-05-13T23:30:53.327Z\", \"assignerOrgId\": \"1bb62c36-49e3-4200-9d77-64a1400537cc\", \"datePublished\": \"2025-06-11T16:42:53.054Z\", \"assignerShortName\": \"Go\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
cleanstart-2026-xr17407
Vulnerability from cleanstart
Published
2026-01-30 16:11
Modified
2026-01-29 18:58
Summary
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption
Details
Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "argo-workflows-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.7.4-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-XR17407",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T16:11:25.270681Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-XR17407.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0913"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-4673"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47907"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47914"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58181"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-62156"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-62157"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-6v2p-p543-phr9"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-c2hv-4pfj-mm2r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-f6x5-jh6r-wrfv"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-j5w8-q4qc-rx2x"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-p84v-gxvw-73pf"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0913"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4673"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47914"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62156"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62157"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption",
"upstream": [
"CVE-2025-0913",
"CVE-2025-4673",
"CVE-2025-47907",
"CVE-2025-47914",
"CVE-2025-58181",
"CVE-2025-62156",
"CVE-2025-62157",
"GHSA-6v2p-p543-phr9",
"GHSA-c2hv-4pfj-mm2r",
"GHSA-f6x5-jh6r-wrfv",
"GHSA-j5w8-q4qc-rx2x",
"GHSA-p84v-gxvw-73pf"
]
}
cleanstart-2026-xx70537
Vulnerability from cleanstart
Published
2026-01-30 15:32
Modified
2026-01-29 18:58
Summary
Cancelling a query (e
Details
Multiple security vulnerabilities affect the harbor-fips package. Cancelling a query (e. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "harbor-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.12.4-r1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the harbor-fips package. Cancelling a query (e. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-XX70537",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T15:32:24.053481Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-XX70537.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-4673"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47907"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-9h84-qmv7-982p"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-mh63-6h87-95cp"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-rq77-p4h8-4crw"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-vvgc-356p-c3xw"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4673"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Cancelling a query (e",
"upstream": [
"CVE-2025-4673",
"CVE-2025-47907",
"GHSA-9h84-qmv7-982p",
"GHSA-mh63-6h87-95cp",
"GHSA-rq77-p4h8-4crw",
"GHSA-vvgc-356p-c3xw"
]
}
cleanstart-2026-zm51114
Vulnerability from cleanstart
Published
2026-01-30 16:08
Modified
2026-01-29 18:58
Summary
SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption
Details
Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability details.
Severity
9.8 (Critical)
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "argo-workflows-fips"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.7.3-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the argo-workflows-fips package. SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-ZM51114",
"modified": "2026-01-29T18:58:54Z",
"published": "2026-01-30T16:08:25.157380Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-ZM51114.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0913"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-4673"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-47907"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-58181"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-62156"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-62157"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-2x5j-vhc8-9cwm"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-c2hv-4pfj-mm2r"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-cfpf-hrx2-8rv6"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/GHSA-p84v-gxvw-73pf"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0913"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4673"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47907"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-58181"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62156"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62157"
}
],
"related": [],
"schema_version": "1.7.3",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "SSH servers parsing GSSAPI authentication requests do not validate the number of mechanisms specified in the request, allowing an attacker to cause unbounded memory consumption",
"upstream": [
"CVE-2025-0913",
"CVE-2025-4673",
"CVE-2025-47907",
"CVE-2025-58181",
"CVE-2025-62156",
"CVE-2025-62157",
"GHSA-2x5j-vhc8-9cwm",
"GHSA-c2hv-4pfj-mm2r",
"GHSA-cfpf-hrx2-8rv6",
"GHSA-p84v-gxvw-73pf"
]
}
FKIE_CVE-2025-4673
Vulnerability from fkie_nvd - Published: 2025-06-11 17:15 - Updated: 2026-06-17 09:33
Severity
Summary
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"affected": [
{
"affectedData": [
{
"collectionURL": "https://pkg.go.dev",
"defaultStatus": "unaffected",
"packageName": "net/http",
"product": "net/http",
"programRoutines": [
{
"name": "Client.makeHeadersCopier"
},
{
"name": "Client.Do"
},
{
"name": "Client.Get"
},
{
"name": "Client.Head"
},
{
"name": "Client.Post"
},
{
"name": "Client.PostForm"
},
{
"name": "Get"
},
{
"name": "Head"
},
{
"name": "Post"
},
{
"name": "PostForm"
}
],
"vendor": "Go standard library",
"versions": [
{
"lessThan": "1.23.10",
"status": "affected",
"version": "0",
"versionType": "semver"
},
{
"lessThan": "1.24.4",
"status": "affected",
"version": "1.24.0-0",
"versionType": "semver"
}
]
}
],
"source": "security@golang.org"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information."
},
{
"lang": "es",
"value": "Los encabezados Proxy-Authorization y Proxy-Authenticate persistieron en redirecciones de origen cruzado, lo que potencialmente filtr\u00f3 informaci\u00f3n confidencial."
}
],
"id": "CVE-2025-4673",
"lastModified": "2026-06-17T09:33:45.897",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 4.0,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
],
"ssvcV203": [
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"ssvcData": {
"id": "CVE-2025-4673",
"options": [
{
"exploitation": "none"
},
{
"automatable": "no"
},
{
"technicalImpact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-11T17:59:02.225500Z",
"version": "2.0.3"
}
}
]
},
"published": "2025-06-11T17:15:42.993",
"references": [
{
"source": "security@golang.org",
"url": "https://go.dev/cl/679257"
},
{
"source": "security@golang.org",
"url": "https://go.dev/issue/73816"
},
{
"source": "security@golang.org",
"url": "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A"
},
{
"source": "security@golang.org",
"url": "https://pkg.go.dev/vuln/GO-2025-3751"
}
],
"sourceIdentifier": "security@golang.org",
"vulnStatus": "Deferred"
}
GHSA-62JJ-GR2R-5C34
Vulnerability from github – Published: 2025-06-11 18:35 – Updated: 2025-06-11 18:35
VLAI
Details
Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.
Severity
6.8 (Medium)
{
"affected": [],
"aliases": [
"CVE-2025-4673"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-06-11T17:15:42Z",
"severity": "MODERATE"
},
"details": "Proxy-Authorization and Proxy-Authenticate headers persisted on cross-origin redirects potentially leaking sensitive information.",
"id": "GHSA-62jj-gr2r-5c34",
"modified": "2025-06-11T18:35:43Z",
"published": "2025-06-11T18:35:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4673"
},
{
"type": "WEB",
"url": "https://go.dev/cl/679257"
},
{
"type": "WEB",
"url": "https://go.dev/issue/73816"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2025-3751"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2025-4673
Vulnerability from csaf_microsoft - Published: 2025-06-02 00:00 - Updated: 2026-02-18 14:41Summary
Sensitive headers not cleared on cross-origin redirect in net/http
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
6.8 (Medium)
Affected products
Fixed
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 19548-17086 | — | ||
| Unresolved product id: 19606-17084 | — | ||
| Unresolved product id: 19755-17086 | — | ||
| Unresolved product id: 20123-17086 | — | ||
| Unresolved product id: 20138-17084 | — | ||
| Unresolved product id: 20196-17086 | — | ||
| Unresolved product id: 20387-17086 | — | ||
| Unresolved product id: 20145-17084 | — |
Known affected
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17086-12 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-11 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-6 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-5 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-4 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-2 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17086-1 | — |
Vendor Fix
fix
|
|
| Unresolved product id: 17084-3 | — |
Vendor Fix
fix
|
Known not affected
7 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-9 | — | ||
| Unresolved product id: 17084-15 | — | ||
| Unresolved product id: 17086-7 | — | ||
| Unresolved product id: 17086-8 | — | ||
| Unresolved product id: 17086-10 | — | ||
| Unresolved product id: 17086-13 | — | ||
| Unresolved product id: 17084-14 | — |
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2025/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4673 Sensitive headers not cleared on cross-origin redirect in net/http - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-4673.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Sensitive headers not cleared on cross-origin redirect in net/http",
"tracking": {
"current_release_date": "2026-02-18T14:41:09.000Z",
"generator": {
"date": "2026-02-21T04:08:22.940Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-4673",
"initial_release_date": "2025-06-02T00:00:00.000Z",
"revision_history": [
{
"date": "2025-07-11T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-02-18T14:41:09.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
}
],
"status": "final",
"version": "2"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm2 msft-golang 1.24.1-3",
"product": {
"name": "\u003ccm2 msft-golang 1.24.1-3",
"product_id": "12"
}
},
{
"category": "product_version",
"name": "cm2 msft-golang 1.24.1-3",
"product": {
"name": "cm2 msft-golang 1.24.1-3",
"product_id": "19548"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 msft-golang 1.24.1-3",
"product": {
"name": "\u003ccbl2 msft-golang 1.24.1-3",
"product_id": "2"
}
},
{
"category": "product_version",
"name": "cbl2 msft-golang 1.24.1-3",
"product": {
"name": "cbl2 msft-golang 1.24.1-3",
"product_id": "20196"
}
}
],
"category": "product_name",
"name": "msft-golang"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 golang 1.23.10-1",
"product": {
"name": "\u003cazl3 golang 1.23.10-1",
"product_id": "11"
}
},
{
"category": "product_version",
"name": "azl3 golang 1.23.10-1",
"product": {
"name": "azl3 golang 1.23.10-1",
"product_id": "19606"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.18.8-8",
"product": {
"name": "\u003ccbl2 golang 1.18.8-8",
"product_id": "6"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.18.8-8",
"product": {
"name": "cbl2 golang 1.18.8-8",
"product_id": "19755"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.22.7-4",
"product": {
"name": "\u003ccbl2 golang 1.22.7-4",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.22.7-4",
"product": {
"name": "cbl2 golang 1.22.7-4",
"product_id": "20123"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 golang 1.24.5-1",
"product": {
"name": "\u003cazl3 golang 1.24.5-1",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "azl3 golang 1.24.5-1",
"product": {
"name": "azl3 golang 1.24.5-1",
"product_id": "20138"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.22.7-5",
"product": {
"name": "\u003ccbl2 golang 1.22.7-5",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.22.7-5",
"product": {
"name": "cbl2 golang 1.22.7-5",
"product_id": "20387"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 golang 1.23.11-1",
"product": {
"name": "\u003cazl3 golang 1.23.11-1",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "azl3 golang 1.23.11-1",
"product": {
"name": "azl3 golang 1.23.11-1",
"product_id": "20145"
}
}
],
"category": "product_name",
"name": "golang"
},
{
"category": "product_name",
"name": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "azl3 python-tensorboard 2.16.2-6",
"product_id": "9"
}
},
{
"category": "product_name",
"name": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "azl3 tensorflow 2.16.1-9",
"product_id": "15"
}
},
{
"category": "product_name",
"name": "cbl2 gcc 11.2.0-8",
"product": {
"name": "cbl2 gcc 11.2.0-8",
"product_id": "7"
}
},
{
"category": "product_name",
"name": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "cbl2 python-tensorboard 2.11.0-3",
"product_id": "8"
}
},
{
"category": "product_name",
"name": "cbl2 tensorflow 2.11.1-2",
"product": {
"name": "cbl2 tensorflow 2.11.1-2",
"product_id": "10"
}
},
{
"category": "product_name",
"name": "cbl2 gcc 11.2.0-8",
"product": {
"name": "cbl2 gcc 11.2.0-8",
"product_id": "13"
}
},
{
"category": "product_name",
"name": "azl3 gcc 13.2.0-7",
"product": {
"name": "azl3 gcc 13.2.0-7",
"product_id": "14"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm2 msft-golang 1.24.1-3 as a component of CBL Mariner 2.0",
"product_id": "17086-12"
},
"product_reference": "12",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm2 msft-golang 1.24.1-3 as a component of CBL Mariner 2.0",
"product_id": "19548-17086"
},
"product_reference": "19548",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 golang 1.23.10-1 as a component of Azure Linux 3.0",
"product_id": "17084-11"
},
"product_reference": "11",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.23.10-1 as a component of Azure Linux 3.0",
"product_id": "19606-17084"
},
"product_reference": "19606",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.18.8-8 as a component of CBL Mariner 2.0",
"product_id": "17086-6"
},
"product_reference": "6",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.18.8-8 as a component of CBL Mariner 2.0",
"product_id": "19755-17086"
},
"product_reference": "19755",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.22.7-4 as a component of CBL Mariner 2.0",
"product_id": "17086-5"
},
"product_reference": "5",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.22.7-4 as a component of CBL Mariner 2.0",
"product_id": "20123-17086"
},
"product_reference": "20123",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 golang 1.24.5-1 as a component of Azure Linux 3.0",
"product_id": "17084-4"
},
"product_reference": "4",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.24.5-1 as a component of Azure Linux 3.0",
"product_id": "20138-17084"
},
"product_reference": "20138",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.16.2-6 as a component of Azure Linux 3.0",
"product_id": "17084-9"
},
"product_reference": "9",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 tensorflow 2.16.1-9 as a component of Azure Linux 3.0",
"product_id": "17084-15"
},
"product_reference": "15",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 gcc 11.2.0-8 as a component of CBL Mariner 2.0",
"product_id": "17086-7"
},
"product_reference": "7",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 msft-golang 1.24.1-3 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 msft-golang 1.24.1-3 as a component of CBL Mariner 2.0",
"product_id": "20196-17086"
},
"product_reference": "20196",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python-tensorboard 2.11.0-3 as a component of CBL Mariner 2.0",
"product_id": "17086-8"
},
"product_reference": "8",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 tensorflow 2.11.1-2 as a component of CBL Mariner 2.0",
"product_id": "17086-10"
},
"product_reference": "10",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.22.7-5 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.22.7-5 as a component of CBL Mariner 2.0",
"product_id": "20387-17086"
},
"product_reference": "20387",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 gcc 11.2.0-8 as a component of CBL Mariner 2.0",
"product_id": "17086-13"
},
"product_reference": "13",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 golang 1.23.11-1 as a component of Azure Linux 3.0",
"product_id": "17084-3"
},
"product_reference": "3",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.23.11-1 as a component of Azure Linux 3.0",
"product_id": "20145-17084"
},
"product_reference": "20145",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 gcc 13.2.0-7 as a component of Azure Linux 3.0",
"product_id": "17084-14"
},
"product_reference": "14",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4673",
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17084-9",
"17084-15",
"17086-7",
"17086-8",
"17086-10",
"17086-13",
"17084-14"
]
}
],
"notes": [
{
"category": "general",
"text": "Go",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19548-17086",
"19606-17084",
"19755-17086",
"20123-17086",
"20138-17084",
"20196-17086",
"20387-17086",
"20145-17084"
],
"known_affected": [
"17086-12",
"17084-11",
"17086-6",
"17086-5",
"17084-4",
"17086-2",
"17086-1",
"17084-3"
],
"known_not_affected": [
"17084-9",
"17084-15",
"17086-7",
"17086-8",
"17086-10",
"17086-13",
"17084-14"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-4673 Sensitive headers not cleared on cross-origin redirect in net/http - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-4673.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-11T00:00:00.000Z",
"details": "1.24.1-3:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-12",
"17086-2"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-07-11T00:00:00.000Z",
"details": "1.23.10-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-11"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-07-11T00:00:00.000Z",
"details": "1.18.8-9:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-6"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-07-11T00:00:00.000Z",
"details": "1.22.7-5:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-5",
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2025-07-11T00:00:00.000Z",
"details": "Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-4",
"17084-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"temporalScore": 6.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"17086-12",
"17084-11",
"17086-6",
"17086-5",
"17084-4",
"17086-2",
"17086-1",
"17084-3"
]
}
],
"title": "Sensitive headers not cleared on cross-origin redirect in net/http"
}
]
}
OPENSUSE-SU-2025:15223-1
Vulnerability from csaf_opensuse - Published: 2025-07-03 00:00 - Updated: 2025-07-03 00:00Summary
go1.23-1.23.10-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: go1.23-1.23.10-1.1 on GA media
Description of the patch: These are all security issues fixed in the go1.23-1.23.10-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15223
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.23-1.23.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-1.23.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-1.23.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-1.23.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.23-1.23.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-1.23.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-1.23.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-1.23.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2025-0913/ | self |
| https://www.suse.com/security/cve/CVE-2025-4673/ | self |
| https://www.suse.com/security/cve/CVE-2025-0913 | external |
| https://bugzilla.suse.com/1244157 | external |
| https://www.suse.com/security/cve/CVE-2025-4673 | external |
| https://bugzilla.suse.com/1244156 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.23-1.23.10-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.23-1.23.10-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15223",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15223-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-0913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-0913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4673/"
}
],
"title": "go1.23-1.23.10-1.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15223-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.23-1.23.10-1.1.aarch64",
"product": {
"name": "go1.23-1.23.10-1.1.aarch64",
"product_id": "go1.23-1.23.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.23-doc-1.23.10-1.1.aarch64",
"product": {
"name": "go1.23-doc-1.23.10-1.1.aarch64",
"product_id": "go1.23-doc-1.23.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.23-libstd-1.23.10-1.1.aarch64",
"product": {
"name": "go1.23-libstd-1.23.10-1.1.aarch64",
"product_id": "go1.23-libstd-1.23.10-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.23-race-1.23.10-1.1.aarch64",
"product": {
"name": "go1.23-race-1.23.10-1.1.aarch64",
"product_id": "go1.23-race-1.23.10-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.23-1.23.10-1.1.ppc64le",
"product": {
"name": "go1.23-1.23.10-1.1.ppc64le",
"product_id": "go1.23-1.23.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.23-doc-1.23.10-1.1.ppc64le",
"product": {
"name": "go1.23-doc-1.23.10-1.1.ppc64le",
"product_id": "go1.23-doc-1.23.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.23-libstd-1.23.10-1.1.ppc64le",
"product": {
"name": "go1.23-libstd-1.23.10-1.1.ppc64le",
"product_id": "go1.23-libstd-1.23.10-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.23-race-1.23.10-1.1.ppc64le",
"product": {
"name": "go1.23-race-1.23.10-1.1.ppc64le",
"product_id": "go1.23-race-1.23.10-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.23-1.23.10-1.1.s390x",
"product": {
"name": "go1.23-1.23.10-1.1.s390x",
"product_id": "go1.23-1.23.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.23-doc-1.23.10-1.1.s390x",
"product": {
"name": "go1.23-doc-1.23.10-1.1.s390x",
"product_id": "go1.23-doc-1.23.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.23-libstd-1.23.10-1.1.s390x",
"product": {
"name": "go1.23-libstd-1.23.10-1.1.s390x",
"product_id": "go1.23-libstd-1.23.10-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.23-race-1.23.10-1.1.s390x",
"product": {
"name": "go1.23-race-1.23.10-1.1.s390x",
"product_id": "go1.23-race-1.23.10-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.23-1.23.10-1.1.x86_64",
"product": {
"name": "go1.23-1.23.10-1.1.x86_64",
"product_id": "go1.23-1.23.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.23-doc-1.23.10-1.1.x86_64",
"product": {
"name": "go1.23-doc-1.23.10-1.1.x86_64",
"product_id": "go1.23-doc-1.23.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.23-libstd-1.23.10-1.1.x86_64",
"product": {
"name": "go1.23-libstd-1.23.10-1.1.x86_64",
"product_id": "go1.23-libstd-1.23.10-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.23-race-1.23.10-1.1.x86_64",
"product": {
"name": "go1.23-race-1.23.10-1.1.x86_64",
"product_id": "go1.23-race-1.23.10-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-1.23.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-1.23.10-1.1.aarch64"
},
"product_reference": "go1.23-1.23.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-1.23.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-1.23.10-1.1.ppc64le"
},
"product_reference": "go1.23-1.23.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-1.23.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-1.23.10-1.1.s390x"
},
"product_reference": "go1.23-1.23.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-1.23.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-1.23.10-1.1.x86_64"
},
"product_reference": "go1.23-1.23.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-doc-1.23.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.aarch64"
},
"product_reference": "go1.23-doc-1.23.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-doc-1.23.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.ppc64le"
},
"product_reference": "go1.23-doc-1.23.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-doc-1.23.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.s390x"
},
"product_reference": "go1.23-doc-1.23.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-doc-1.23.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.x86_64"
},
"product_reference": "go1.23-doc-1.23.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-libstd-1.23.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.aarch64"
},
"product_reference": "go1.23-libstd-1.23.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-libstd-1.23.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.ppc64le"
},
"product_reference": "go1.23-libstd-1.23.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-libstd-1.23.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.s390x"
},
"product_reference": "go1.23-libstd-1.23.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-libstd-1.23.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.x86_64"
},
"product_reference": "go1.23-libstd-1.23.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-race-1.23.10-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.aarch64"
},
"product_reference": "go1.23-race-1.23.10-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-race-1.23.10-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.ppc64le"
},
"product_reference": "go1.23-race-1.23.10-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-race-1.23.10-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.s390x"
},
"product_reference": "go1.23-race-1.23.10-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.23-race-1.23.10-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.x86_64"
},
"product_reference": "go1.23-race-1.23.10-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-0913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-0913"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-0913",
"url": "https://www.suse.com/security/cve/CVE-2025-0913"
},
{
"category": "external",
"summary": "SUSE Bug 1244157 for CVE-2025-0913",
"url": "https://bugzilla.suse.com/1244157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-0913"
},
{
"cve": "CVE-2025-4673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4673"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4673",
"url": "https://www.suse.com/security/cve/CVE-2025-4673"
},
{
"category": "external",
"summary": "SUSE Bug 1244156 for CVE-2025-4673",
"url": "https://bugzilla.suse.com/1244156"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-doc-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-libstd-1.23.10-1.1.x86_64",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.aarch64",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.ppc64le",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.s390x",
"openSUSE Tumbleweed:go1.23-race-1.23.10-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-4673"
}
]
}
OPENSUSE-SU-2025:15224-1
Vulnerability from csaf_opensuse - Published: 2025-07-03 00:00 - Updated: 2025-07-03 00:00Summary
go1.24-1.24.4-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: go1.24-1.24.4-1.1 on GA media
Description of the patch: These are all security issues fixed in the go1.24-1.24.4-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15224
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.5 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.8 (Medium)
Affected products
Recommended
16 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-1.24.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
11 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2025-0913/ | self |
| https://www.suse.com/security/cve/CVE-2025-22874/ | self |
| https://www.suse.com/security/cve/CVE-2025-4673/ | self |
| https://www.suse.com/security/cve/CVE-2025-0913 | external |
| https://bugzilla.suse.com/1244157 | external |
| https://www.suse.com/security/cve/CVE-2025-22874 | external |
| https://bugzilla.suse.com/1244158 | external |
| https://www.suse.com/security/cve/CVE-2025-4673 | external |
| https://bugzilla.suse.com/1244156 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "go1.24-1.24.4-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the go1.24-1.24.4-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15224",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15224-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-0913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-0913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22874 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4673/"
}
],
"title": "go1.24-1.24.4-1.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15224-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.4-1.1.aarch64",
"product": {
"name": "go1.24-1.24.4-1.1.aarch64",
"product_id": "go1.24-1.24.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.4-1.1.aarch64",
"product": {
"name": "go1.24-doc-1.24.4-1.1.aarch64",
"product_id": "go1.24-doc-1.24.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24.4-1.1.aarch64",
"product": {
"name": "go1.24-libstd-1.24.4-1.1.aarch64",
"product_id": "go1.24-libstd-1.24.4-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.4-1.1.aarch64",
"product": {
"name": "go1.24-race-1.24.4-1.1.aarch64",
"product_id": "go1.24-race-1.24.4-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.4-1.1.ppc64le",
"product": {
"name": "go1.24-1.24.4-1.1.ppc64le",
"product_id": "go1.24-1.24.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.4-1.1.ppc64le",
"product": {
"name": "go1.24-doc-1.24.4-1.1.ppc64le",
"product_id": "go1.24-doc-1.24.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24.4-1.1.ppc64le",
"product": {
"name": "go1.24-libstd-1.24.4-1.1.ppc64le",
"product_id": "go1.24-libstd-1.24.4-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.4-1.1.ppc64le",
"product": {
"name": "go1.24-race-1.24.4-1.1.ppc64le",
"product_id": "go1.24-race-1.24.4-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.4-1.1.s390x",
"product": {
"name": "go1.24-1.24.4-1.1.s390x",
"product_id": "go1.24-1.24.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.4-1.1.s390x",
"product": {
"name": "go1.24-doc-1.24.4-1.1.s390x",
"product_id": "go1.24-doc-1.24.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24.4-1.1.s390x",
"product": {
"name": "go1.24-libstd-1.24.4-1.1.s390x",
"product_id": "go1.24-libstd-1.24.4-1.1.s390x"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.4-1.1.s390x",
"product": {
"name": "go1.24-race-1.24.4-1.1.s390x",
"product_id": "go1.24-race-1.24.4-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "go1.24-1.24.4-1.1.x86_64",
"product": {
"name": "go1.24-1.24.4-1.1.x86_64",
"product_id": "go1.24-1.24.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-doc-1.24.4-1.1.x86_64",
"product": {
"name": "go1.24-doc-1.24.4-1.1.x86_64",
"product_id": "go1.24-doc-1.24.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-libstd-1.24.4-1.1.x86_64",
"product": {
"name": "go1.24-libstd-1.24.4-1.1.x86_64",
"product_id": "go1.24-libstd-1.24.4-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "go1.24-race-1.24.4-1.1.x86_64",
"product": {
"name": "go1.24-race-1.24.4-1.1.x86_64",
"product_id": "go1.24-race-1.24.4-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-1.24.4-1.1.aarch64"
},
"product_reference": "go1.24-1.24.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-1.24.4-1.1.ppc64le"
},
"product_reference": "go1.24-1.24.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-1.24.4-1.1.s390x"
},
"product_reference": "go1.24-1.24.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-1.24.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-1.24.4-1.1.x86_64"
},
"product_reference": "go1.24-1.24.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.aarch64"
},
"product_reference": "go1.24-doc-1.24.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.ppc64le"
},
"product_reference": "go1.24-doc-1.24.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.s390x"
},
"product_reference": "go1.24-doc-1.24.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-doc-1.24.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.x86_64"
},
"product_reference": "go1.24-doc-1.24.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.aarch64"
},
"product_reference": "go1.24-libstd-1.24.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.ppc64le"
},
"product_reference": "go1.24-libstd-1.24.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.s390x"
},
"product_reference": "go1.24-libstd-1.24.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-libstd-1.24.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.x86_64"
},
"product_reference": "go1.24-libstd-1.24.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.4-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.aarch64"
},
"product_reference": "go1.24-race-1.24.4-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.4-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.ppc64le"
},
"product_reference": "go1.24-race-1.24.4-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.4-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.s390x"
},
"product_reference": "go1.24-race-1.24.4-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go1.24-race-1.24.4-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.x86_64"
},
"product_reference": "go1.24-race-1.24.4-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-0913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-0913"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-0913",
"url": "https://www.suse.com/security/cve/CVE-2025-0913"
},
{
"category": "external",
"summary": "SUSE Bug 1244157 for CVE-2025-0913",
"url": "https://bugzilla.suse.com/1244157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-0913"
},
{
"cve": "CVE-2025-22874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22874"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22874",
"url": "https://www.suse.com/security/cve/CVE-2025-22874"
},
{
"category": "external",
"summary": "SUSE Bug 1244158 for CVE-2025-22874",
"url": "https://bugzilla.suse.com/1244158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22874"
},
{
"cve": "CVE-2025-4673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4673"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4673",
"url": "https://www.suse.com/security/cve/CVE-2025-4673"
},
{
"category": "external",
"summary": "SUSE Bug 1244156 for CVE-2025-4673",
"url": "https://bugzilla.suse.com/1244156"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-doc-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-libstd-1.24.4-1.1.x86_64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.aarch64",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.ppc64le",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.s390x",
"openSUSE Tumbleweed:go1.24-race-1.24.4-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-4673"
}
]
}
OPENSUSE-SU-2025:15225-1
Vulnerability from csaf_opensuse - Published: 2025-07-03 00:00 - Updated: 2025-07-03 00:00Summary
govulncheck-vulndb-0.0.20250612T141001-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: govulncheck-vulndb-0.0.20250612T141001-1.1 on GA media
Description of the patch: These are all security issues fixed in the govulncheck-vulndb-0.0.20250612T141001-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2025-15225
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
5.5 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.8 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.1 (Critical)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
68 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2020-36846/ | self |
| https://www.suse.com/security/cve/CVE-2022-31022/ | self |
| https://www.suse.com/security/cve/CVE-2023-42818/ | self |
| https://www.suse.com/security/cve/CVE-2025-0913/ | self |
| https://www.suse.com/security/cve/CVE-2025-1792/ | self |
| https://www.suse.com/security/cve/CVE-2025-22874/ | self |
| https://www.suse.com/security/cve/CVE-2025-25207/ | self |
| https://www.suse.com/security/cve/CVE-2025-25208/ | self |
| https://www.suse.com/security/cve/CVE-2025-2571/ | self |
| https://www.suse.com/security/cve/CVE-2025-29785/ | self |
| https://www.suse.com/security/cve/CVE-2025-3230/ | self |
| https://www.suse.com/security/cve/CVE-2025-3260/ | self |
| https://www.suse.com/security/cve/CVE-2025-3454/ | self |
| https://www.suse.com/security/cve/CVE-2025-3611/ | self |
| https://www.suse.com/security/cve/CVE-2025-3913/ | self |
| https://www.suse.com/security/cve/CVE-2025-4128/ | self |
| https://www.suse.com/security/cve/CVE-2025-4573/ | self |
| https://www.suse.com/security/cve/CVE-2025-4673/ | self |
| https://www.suse.com/security/cve/CVE-2025-47950/ | self |
| https://www.suse.com/security/cve/CVE-2025-48494/ | self |
| https://www.suse.com/security/cve/CVE-2025-48495/ | self |
| https://www.suse.com/security/cve/CVE-2025-48710/ | self |
| https://www.suse.com/security/cve/CVE-2025-48865/ | self |
| https://www.suse.com/security/cve/CVE-2025-48938/ | self |
| https://www.suse.com/security/cve/CVE-2025-48948/ | self |
| https://www.suse.com/security/cve/CVE-2025-48949/ | self |
| https://www.suse.com/security/cve/CVE-2025-49011/ | self |
| https://www.suse.com/security/cve/CVE-2025-49136/ | self |
| https://www.suse.com/security/cve/CVE-2025-49140/ | self |
| https://www.suse.com/security/cve/CVE-2020-36846 | external |
| https://bugzilla.suse.com/1175825 | external |
| https://www.suse.com/security/cve/CVE-2022-31022 | external |
| https://www.suse.com/security/cve/CVE-2023-42818 | external |
| https://www.suse.com/security/cve/CVE-2025-0913 | external |
| https://bugzilla.suse.com/1244157 | external |
| https://www.suse.com/security/cve/CVE-2025-1792 | external |
| https://www.suse.com/security/cve/CVE-2025-22874 | external |
| https://bugzilla.suse.com/1244158 | external |
| https://www.suse.com/security/cve/CVE-2025-25207 | external |
| https://www.suse.com/security/cve/CVE-2025-25208 | external |
| https://www.suse.com/security/cve/CVE-2025-2571 | external |
| https://www.suse.com/security/cve/CVE-2025-29785 | external |
| https://bugzilla.suse.com/1243936 | external |
| https://www.suse.com/security/cve/CVE-2025-3230 | external |
| https://www.suse.com/security/cve/CVE-2025-3260 | external |
| https://www.suse.com/security/cve/CVE-2025-3454 | external |
| https://bugzilla.suse.com/1241683 | external |
| https://www.suse.com/security/cve/CVE-2025-3611 | external |
| https://www.suse.com/security/cve/CVE-2025-3913 | external |
| https://www.suse.com/security/cve/CVE-2025-4128 | external |
| https://www.suse.com/security/cve/CVE-2025-4573 | external |
| https://www.suse.com/security/cve/CVE-2025-4673 | external |
| https://bugzilla.suse.com/1244156 | external |
| https://www.suse.com/security/cve/CVE-2025-47950 | external |
| https://bugzilla.suse.com/1244331 | external |
| https://www.suse.com/security/cve/CVE-2025-48494 | external |
| https://www.suse.com/security/cve/CVE-2025-48495 | external |
| https://www.suse.com/security/cve/CVE-2025-48710 | external |
| https://www.suse.com/security/cve/CVE-2025-48865 | external |
| https://www.suse.com/security/cve/CVE-2025-48938 | external |
| https://bugzilla.suse.com/1243930 | external |
| https://www.suse.com/security/cve/CVE-2025-48948 | external |
| https://www.suse.com/security/cve/CVE-2025-48949 | external |
| https://www.suse.com/security/cve/CVE-2025-49011 | external |
| https://www.suse.com/security/cve/CVE-2025-49136 | external |
| https://www.suse.com/security/cve/CVE-2025-49140 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "govulncheck-vulndb-0.0.20250612T141001-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the govulncheck-vulndb-0.0.20250612T141001-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2025-15225",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15225-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-36846 page",
"url": "https://www.suse.com/security/cve/CVE-2020-36846/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-31022 page",
"url": "https://www.suse.com/security/cve/CVE-2022-31022/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-42818 page",
"url": "https://www.suse.com/security/cve/CVE-2023-42818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-0913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-0913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-1792 page",
"url": "https://www.suse.com/security/cve/CVE-2025-1792/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-22874 page",
"url": "https://www.suse.com/security/cve/CVE-2025-22874/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-25207 page",
"url": "https://www.suse.com/security/cve/CVE-2025-25207/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-25208 page",
"url": "https://www.suse.com/security/cve/CVE-2025-25208/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-2571 page",
"url": "https://www.suse.com/security/cve/CVE-2025-2571/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-29785 page",
"url": "https://www.suse.com/security/cve/CVE-2025-29785/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3230 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3230/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3260 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3260/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3454 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3454/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3611 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3611/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-3913 page",
"url": "https://www.suse.com/security/cve/CVE-2025-3913/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4128 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4128/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4573 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4573/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-4673 page",
"url": "https://www.suse.com/security/cve/CVE-2025-4673/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-47950 page",
"url": "https://www.suse.com/security/cve/CVE-2025-47950/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48494 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48494/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48495 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48495/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48710 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48710/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48865 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48865/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48938 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48938/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48948 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48948/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-48949 page",
"url": "https://www.suse.com/security/cve/CVE-2025-48949/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-49011 page",
"url": "https://www.suse.com/security/cve/CVE-2025-49011/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-49136 page",
"url": "https://www.suse.com/security/cve/CVE-2025-49136/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-49140 page",
"url": "https://www.suse.com/security/cve/CVE-2025-49140/"
}
],
"title": "govulncheck-vulndb-0.0.20250612T141001-1.1 on GA media",
"tracking": {
"current_release_date": "2025-07-03T00:00:00Z",
"generator": {
"date": "2025-07-03T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2025:15225-1",
"initial_release_date": "2025-07-03T00:00:00Z",
"revision_history": [
{
"date": "2025-07-03T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"product": {
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"product_id": "govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"product": {
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"product_id": "govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"product": {
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"product_id": "govulncheck-vulndb-0.0.20250612T141001-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64",
"product": {
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64",
"product_id": "govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64"
},
"product_reference": "govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le"
},
"product_reference": "govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x"
},
"product_reference": "govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
},
"product_reference": "govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36846",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-36846"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow, as described in CVE-2020-8927, exists in the embedded Brotli library. Versions of IO::Compress::Brotli prior to 0.007 included a version of the brotli library prior to version 1.0.8, where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your IO::Compress::Brotli module to 0.007 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-36846",
"url": "https://www.suse.com/security/cve/CVE-2020-36846"
},
{
"category": "external",
"summary": "SUSE Bug 1175825 for CVE-2020-36846",
"url": "https://bugzilla.suse.com/1175825"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2020-36846"
},
{
"cve": "CVE-2022-31022",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-31022"
}
],
"notes": [
{
"category": "general",
"text": "Bleve is a text indexing library for go. Bleve includes HTTP utilities under bleve/http package, that are used by its sample application. These HTTP methods pave way for exploitation of a node\u0027s filesystem where the bleve index resides, if the user has used bleve\u0027s own HTTP (bleve/http) handlers for exposing the access to the indexes. For instance, the CreateIndexHandler (`http/index_create.go`) and DeleteIndexHandler (`http/index_delete.go`) enable an attacker to create a bleve index (directory structure) anywhere where the user running the server has the write permissions and to delete recursively any directory owned by the same user account. Users who have used the bleve/http package for exposing access to bleve index without the explicit \nhandling for the Role Based Access Controls(RBAC) of the index assets would be impacted by this issue. Version 2.5.0 relocated the `http/` dir used _only_ by bleve-explorer to `blevesearch/bleve-explorer`, thereby addressing the issue. However, the http package is purely intended to be used for demonstration purposes. Bleve was never designed handle the RBACs, nor it was ever advertised to be used in that way. The collaborators of this project have decided to stay away from adding any authentication or authorization to bleve project at the moment. The bleve/http package is mainly for demonstration purposes and it lacks exhaustive validation of the user inputs as well as any authentication and authorization measures. It is recommended to not use bleve/http in production use cases.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-31022",
"url": "https://www.suse.com/security/cve/CVE-2022-31022"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-31022"
},
{
"cve": "CVE-2023-42818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-42818"
}
],
"notes": [
{
"category": "general",
"text": "JumpServer is an open source bastion host. When users enable MFA and use a public key for authentication, the Koko SSH server does not verify the corresponding SSH private key. An attacker could exploit a vulnerability by utilizing a disclosed public key to attempt brute-force authentication against the SSH service This issue has been patched in versions 3.6.5 and 3.5.6. Users are advised to upgrade. There are no known workarounds for this issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-42818",
"url": "https://www.suse.com/security/cve/CVE-2023-42818"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2023-42818"
},
{
"cve": "CVE-2025-0913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-0913"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-0913",
"url": "https://www.suse.com/security/cve/CVE-2025-0913"
},
{
"category": "external",
"summary": "SUSE Bug 1244157 for CVE-2025-0913",
"url": "https://bugzilla.suse.com/1244157"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-0913"
},
{
"cve": "CVE-2025-1792",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-1792"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.7.x \u003c= 10.7.0, 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.12 fail to properly enforce access controls for guest users accessing channel member information, allowing authenticated guest users to view metadata about members of public channels via the channel members API endpoint.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-1792",
"url": "https://www.suse.com/security/cve/CVE-2025-1792"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-1792"
},
{
"cve": "CVE-2025-22874",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-22874"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-22874",
"url": "https://www.suse.com/security/cve/CVE-2025-22874"
},
{
"category": "external",
"summary": "SUSE Bug 1244158 for CVE-2025-22874",
"url": "https://bugzilla.suse.com/1244158"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-22874"
},
{
"cve": "CVE-2025-25207",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-25207"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-25207",
"url": "https://www.suse.com/security/cve/CVE-2025-25207"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-25207"
},
{
"cve": "CVE-2025-25208",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-25208"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-25208",
"url": "https://www.suse.com/security/cve/CVE-2025-25208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-25208"
},
{
"cve": "CVE-2025-2571",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-2571"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.7.x \u003c= 10.7.0, 10.6.x \u003c= 10.6.2, 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.12 fail to clear Google OAuth credentials when converting user accounts to bot accounts, allowing attackers to gain unauthorized access to bot accounts via the Google OAuth signup flow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-2571",
"url": "https://www.suse.com/security/cve/CVE-2025-2571"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-2571"
},
{
"cve": "CVE-2025-29785",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-29785"
}
],
"notes": [
{
"category": "general",
"text": "quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different remote addresses (thereby triggering the newly added path validation logic: the server sends path probe packets), and then sending ACKs for packets received from the server specifically crafted to trigger the nil-pointer dereference. v0.50.1 contains a patch that fixes the vulnerability. This release contains a test that generates random sequences of sent packets (both regular and path probe packets), that was used to verify that the patch actually covers all corner cases. No known workarounds are available.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-29785",
"url": "https://www.suse.com/security/cve/CVE-2025-29785"
},
{
"category": "external",
"summary": "SUSE Bug 1243936 for CVE-2025-29785",
"url": "https://bugzilla.suse.com/1243936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-29785"
},
{
"cve": "CVE-2025-3230",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3230"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.7.x \u003c= 10.7.0, 10.6.x \u003c= 10.6.2, 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.12 fails to properly invalidate personal access tokens upon user deactivation, allowing deactivated users to maintain full system access by exploiting access token validation flaws via continued usage of previously issued tokens.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3230",
"url": "https://www.suse.com/security/cve/CVE-2025-3230"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-3230"
},
{
"cve": "CVE-2025-3260",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3260"
}
],
"notes": [
{
"category": "general",
"text": "A security vulnerability in the /apis/dashboard.grafana.app/* endpoints allows authenticated users to bypass dashboard and folder permissions. The vulnerability affects all API versions (v0alpha1, v1alpha1, v2alpha1).\n\nImpact:\n\n- Viewers can view all dashboards/folders regardless of permissions\n\n- Editors can view/edit/delete all dashboards/folders regardless of permissions\n\n- Editors can create dashboards in any folder regardless of permissions\n\n- Anonymous users with viewer/editor roles are similarly affected\n\nOrganization isolation boundaries remain intact. The vulnerability only affects dashboard access and does not grant access to datasources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3260",
"url": "https://www.suse.com/security/cve/CVE-2025-3260"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-3260"
},
{
"cve": "CVE-2025-3454",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3454"
}
],
"notes": [
{
"category": "general",
"text": "This vulnerability in Grafana\u0027s datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path.\n\nUsers with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources.\n\nThe issue primarily affects datasources that implement route-specific permissions, including Alertmanager and certain Prometheus-based datasources.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3454",
"url": "https://www.suse.com/security/cve/CVE-2025-3454"
},
{
"category": "external",
"summary": "SUSE Bug 1241683 for CVE-2025-3454",
"url": "https://bugzilla.suse.com/1241683"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-3454"
},
{
"cve": "CVE-2025-3611",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3611"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.7.x \u003c= 10.7.0, 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.12 fails to properly enforce access control restrictions for System Manager roles, allowing authenticated users with System Manager privileges to view team details they should not have access to via direct API requests to team endpoints, even when explicitly configured with \u0027No access\u0027 to Teams in the System Console.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3611",
"url": "https://www.suse.com/security/cve/CVE-2025-3611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-3611"
},
{
"cve": "CVE-2025-3913",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-3913"
}
],
"notes": [
{
"category": "general",
"text": "Mattermost versions 10.7.x \u003c= 10.7.0, 10.6.x \u003c= 10.6.2, 10.5.x \u003c= 10.5.3, 9.11.x \u003c= 9.11.12 fail to properly validate permissions when changing team privacy settings, allowing team administrators without the \u0027invite user\u0027 permission to access and modify team invite IDs via the /api/v4/teams/:teamId/privacy endpoint.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-3913",
"url": "https://www.suse.com/security/cve/CVE-2025-3913"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-3913"
},
{
"cve": "CVE-2025-4128",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4128"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4128",
"url": "https://www.suse.com/security/cve/CVE-2025-4128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-4128"
},
{
"cve": "CVE-2025-4573",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4573"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4573",
"url": "https://www.suse.com/security/cve/CVE-2025-4573"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-4573"
},
{
"cve": "CVE-2025-4673",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-4673"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-4673",
"url": "https://www.suse.com/security/cve/CVE-2025-4673"
},
{
"category": "external",
"summary": "SUSE Bug 1244156 for CVE-2025-4673",
"url": "https://bugzilla.suse.com/1244156"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-4673"
},
{
"cve": "CVE-2025-47950",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-47950"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-47950",
"url": "https://www.suse.com/security/cve/CVE-2025-47950"
},
{
"category": "external",
"summary": "SUSE Bug 1244331 for CVE-2025-47950",
"url": "https://bugzilla.suse.com/1244331"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-47950"
},
{
"cve": "CVE-2025-48494",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48494"
}
],
"notes": [
{
"category": "general",
"text": "Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. When using end-to-end encryption, a stored cross-site scripting vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens the upload list, the script is then parsed. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users using a version prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A possible workaround would be to disable end-to-end encryption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48494",
"url": "https://www.suse.com/security/cve/CVE-2025-48494"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-48494"
},
{
"cve": "CVE-2025-48495",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48495"
}
],
"notes": [
{
"category": "general",
"text": "Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0, there was no user permission system implemented, therefore all authenticated users were already able to see and modify all resources, even if end-to-end encrypted, as the encryption key had to be the same for all users of versions prior to 2.0.0. If a user is the only authenticated user using Gokapi, they are not affected. This issue has been fixed in v2.0.0. A workaround would be to not open the API page if it is possible that another user might have injected code.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48495",
"url": "https://www.suse.com/security/cve/CVE-2025-48495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-48495"
},
{
"cve": "CVE-2025-48710",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48710"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48710",
"url": "https://www.suse.com/security/cve/CVE-2025-48710"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-48710"
},
{
"cve": "CVE-2025-48865",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48865"
}
],
"notes": [
{
"category": "general",
"text": "Fabio is an HTTP(S) and TCP router for deploying applications managed by consul. Prior to version 1.6.6, Fabio allows clients to remove X-Forwarded headers (except X-Forwarded-For) due to a vulnerability in how it processes hop-by-hop headers. Fabio adds HTTP headers like X-Forwarded-Host and X-Forwarded-Port when routing requests to backend applications. Since the receiving application should trust these headers, allowing HTTP clients to remove or modify them creates potential security vulnerabilities. Some of these custom headers can be removed and, in certain cases, manipulated. The attack relies on the behavior that headers can be defined as hop-by-hop via the HTTP Connection header. This issue has been patched in version 1.6.6.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48865",
"url": "https://www.suse.com/security/cve/CVE-2025-48865"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2025-48865"
},
{
"cve": "CVE-2025-48938",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48938"
}
],
"notes": [
{
"category": "general",
"text": "go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user\u0027s machine by replacing HTTP URLs provided by GitHub with local file paths for browsing. In `2.12.1`, `Browser.Browse()` has been enhanced to allow and disallow a variety of scenarios to avoid opening or executing files on the filesystem without unduly impacting HTTP URLs. No known workarounds are available other than upgrading.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48938",
"url": "https://www.suse.com/security/cve/CVE-2025-48938"
},
{
"category": "external",
"summary": "SUSE Bug 1243930 for CVE-2025-48938",
"url": "https://bugzilla.suse.com/1243930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-48938"
},
{
"cve": "CVE-2025-48948",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48948"
}
],
"notes": [
{
"category": "general",
"text": "Navidrome is an open source web-based music collection server and streamer. A permission verification flaw in versions prior to 0.56.0 allows any authenticated regular user to bypass authorization checks and perform administrator-only transcoding configuration operations, including creating, modifying, and deleting transcoding settings. In the threat model where administrators are trusted but regular users are not, this vulnerability represents a significant security risk when transcoding is enabled. Version 0.56.0 patches the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48948",
"url": "https://www.suse.com/security/cve/CVE-2025-48948"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-48948"
},
{
"cve": "CVE-2025-48949",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-48949"
}
],
"notes": [
{
"category": "general",
"text": "Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the `role` parameter within the API endpoint `/api/artist`. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially gaining unauthorized access to the backend database and compromising sensitive user information. Version 0.56.0 contains a patch for the issue.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-48949",
"url": "https://www.suse.com/security/cve/CVE-2025-48949"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-48949"
},
{
"cve": "CVE-2025-49011",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-49011"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-49011",
"url": "https://www.suse.com/security/cve/CVE-2025-49011"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-49011"
},
{
"cve": "CVE-2025-49136",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-49136"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-49136",
"url": "https://www.suse.com/security/cve/CVE-2025-49136"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-49136"
},
{
"cve": "CVE-2025-49140",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-49140"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-49140",
"url": "https://www.suse.com/security/cve/CVE-2025-49140"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.aarch64",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.ppc64le",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.s390x",
"openSUSE Tumbleweed:govulncheck-vulndb-0.0.20250612T141001-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2025-07-03T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-49140"
}
]
}
RHSA-2025:10672
Vulnerability from csaf_redhat - Published: 2025-07-09 00:58 - Updated: 2026-04-18 17:49Summary
Red Hat Security Advisory: go-toolset:rhel8 security update
Severity
Moderate
Notes
Topic: An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang.
Security Fix(es):
* net/http: Sensitive headers not cleared on cross-origin redirect in net/http (CVE-2025-4673)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.
6.8 (Medium)
Affected products
Fixed
28 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
References
12 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2025:10672 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=2373305 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2025-4673 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=2373305 | external |
| https://www.cve.org/CVERecord?id=CVE-2025-4673 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2025-4673 | external |
| https://go.dev/cl/679257 | external |
| https://go.dev/issue/73816 | external |
| https://groups.google.com/g/golang-announce/c/ufZ… | external |
| https://pkg.go.dev/vuln/GO-2025-3751 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for the go-toolset:rhel8 module is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as golang. \n\nSecurity Fix(es):\n\n* net/http: Sensitive headers not cleared on cross-origin redirect in net/http (CVE-2025-4673)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2025:10672",
"url": "https://access.redhat.com/errata/RHSA-2025:10672"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "2373305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373305"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2025/rhsa-2025_10672.json"
}
],
"title": "Red Hat Security Advisory: go-toolset:rhel8 security update",
"tracking": {
"current_release_date": "2026-04-18T17:49:46+00:00",
"generator": {
"date": "2026-04-18T17:49:46+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.5"
}
},
"id": "RHSA-2025:10672",
"initial_release_date": "2025-07-09T00:58:21+00:00",
"revision_history": [
{
"date": "2025-07-09T00:58:21+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2025-07-09T00:58:21+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-18T17:49:46+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"product": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src (go-toolset:rhel8)",
"product_id": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=src\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.src (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=src\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8",
"product": {
"name": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.src (go-toolset:rhel8)",
"product_id": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=src\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "golang-docs-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"product": {
"name": "golang-docs-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch (go-toolset:rhel8)",
"product_id": "golang-docs-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-docs@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=noarch\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-misc-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"product": {
"name": "golang-misc-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch (go-toolset:rhel8)",
"product_id": "golang-misc-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-misc@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=noarch\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-src-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"product": {
"name": "golang-src-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch (go-toolset:rhel8)",
"product_id": "golang-src-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-src@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=noarch\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-tests-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"product": {
"name": "golang-tests-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch (go-toolset:rhel8)",
"product_id": "golang-tests-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-tests@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=noarch\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8)",
"product_id": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8)",
"product_id": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8)",
"product_id": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64 (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"product": {
"name": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64 (go-toolset:rhel8)",
"product_id": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64 (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=aarch64\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8)",
"product_id": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8)",
"product_id": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8)",
"product_id": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"product": {
"name": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le (go-toolset:rhel8)",
"product_id": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=ppc64le\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8)",
"product_id": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8)",
"product_id": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debuginfo@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8)",
"product_id": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/delve-debugsource@1.24.1-1.module%2Bel8.10.0%2B22945%2Bb2c96a17?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64 (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"product": {
"name": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64 (go-toolset:rhel8)",
"product_id": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64 (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=x86_64\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"product": {
"name": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x (go-toolset:rhel8)",
"product_id": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/go-toolset@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=s390x\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"product": {
"name": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x (go-toolset:rhel8)",
"product_id": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=s390x\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
},
{
"category": "product_version",
"name": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"product": {
"name": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x (go-toolset:rhel8)",
"product_id": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/golang-bin@1.24.4-1.module%2Bel8.10.0%2B23323%2B67916f33?arch=s390x\u0026rpmmod=go-toolset:rhel8:8100020250705224704:a3795dee"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8"
},
"product_reference": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8"
},
"product_reference": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8"
},
"product_reference": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8"
},
"product_reference": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8"
},
"product_reference": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8"
},
"product_reference": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8"
},
"product_reference": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8"
},
"product_reference": "delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8"
},
"product_reference": "go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8"
},
"product_reference": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8"
},
"product_reference": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8"
},
"product_reference": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.src (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8"
},
"product_reference": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8"
},
"product_reference": "golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64 (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8"
},
"product_reference": "golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-docs-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8"
},
"product_reference": "golang-docs-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-misc-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8"
},
"product_reference": "golang-misc-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-src-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8"
},
"product_reference": "golang-src-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "golang-tests-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch (go-toolset:rhel8) as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8"
},
"product_reference": "golang-tests-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-4673",
"discovery_date": "2025-06-18T06:34:57.662025+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2373305"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in net/http. Handling Proxy-Authorization and Proxy-Authenticate headers during cross-origin redirects allows these headers to be inadvertently forwarded, potentially exposing sensitive authentication credentials. This flaw allows a network-based attacker to manipulate redirect responses, unintentionally exposing authentication details to unauthorized parties.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The issue is rated as Moderate because while it can lead to a significant compromise of confidentiality, the attack complexity is high. Successful exploitation requires a specific set of circumstances, including the use of a proxy that relies on these headers for authentication and a user being enticed to interact with a malicious URL. The vulnerability does not allow for arbitrary code execution or a direct compromise of system integrity or availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2025-4673"
},
{
"category": "external",
"summary": "RHBZ#2373305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2373305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2025-4673",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-4673"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2025-4673",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4673"
},
{
"category": "external",
"summary": "https://go.dev/cl/679257",
"url": "https://go.dev/cl/679257"
},
{
"category": "external",
"summary": "https://go.dev/issue/73816",
"url": "https://go.dev/issue/73816"
},
{
"category": "external",
"summary": "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A",
"url": "https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A"
},
{
"category": "external",
"summary": "https://pkg.go.dev/vuln/GO-2025-3751",
"url": "https://pkg.go.dev/vuln/GO-2025-3751"
}
],
"release_date": "2025-06-11T16:42:53.054000+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2025-07-09T00:58:21+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2025:10672"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debuginfo-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:delve-debugsource-0:1.24.1-1.module+el8.10.0+22945+b2c96a17.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:go-toolset-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.src::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.aarch64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.ppc64le::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.s390x::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-bin-0:1.24.4-1.module+el8.10.0+23323+67916f33.x86_64::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-docs-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-misc-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-src-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8",
"AppStream-8.10.0.Z.MAIN.EUS:golang-tests-0:1.24.4-1.module+el8.10.0+23323+67916f33.noarch::go-toolset:rhel8"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…