CVE-2025-47906
Description
If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath (, ., and ..), can result in the binaries listed in the PATH being unexpectedly returned.
Risk Information
Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
EPSS Score
Exploitation Probability
0.028
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| SUSE-SU-2025:02759-1(Development Tools Module 15 SP7) go1.23-race-1.23.12-150000.1.40.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02759-1(Development Tools Module 15 SP6) go1.23-race-1.23.12-150000.1.40.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02759-1(Development Tools Module 15 SP7) go1.23-doc-1.23.12-150000.1.40.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02759-1(Development Tools Module 15 SP6) go1.23-doc-1.23.12-150000.1.40.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02759-1(Development Tools Module 15 SP7) go1.23-1.23.12-150000.1.40.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02759-1(Development Tools Module 15 SP6) go1.23-1.23.12-150000.1.40.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02760-1(Development Tools Module 15 SP7) go1.24-race-1.24.6-150000.1.32.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02760-1(Development Tools Module 15 SP6) go1.24-race-1.24.6-150000.1.32.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02760-1(Development Tools Module 15 SP7) go1.24-doc-1.24.6-150000.1.32.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02760-1(Development Tools Module 15 SP6) go1.24-doc-1.24.6-150000.1.32.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02760-1(Development Tools Module 15 SP7) go1.24-1.24.6-150000.1.32.1.x86_64.rpm | Linux |
| SUSE-SU-2025:02760-1(Development Tools Module 15 SP6) go1.24-1.24.6-150000.1.32.1.x86_64.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234