Vulnerabilities

CVE-2025-22873

by Fred · 04/02/2026

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in “../”. For example, Root.Open(“../”) would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.

More information : https://go.dev/cl/670036

Similar

Tags: Cybersecurity Alert