Vulnerabilities

CVE-2025-22867

by Fred · 06/02/2025

On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special values in a “#cgo LDFLAGS” directive. This issue only affected go1.24rc2.

More information : https://go.dev/cl/646996

Similar

Tags: Cybersecurity Alert