CVE-2025-0913

Published: Jun 11, 2025

Modified: Jun 11, 2025

PUBLISHED

Description

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

Vendor	Product	Versions
Go standard library	syscall	affected `0 - < 1.23.10` affected `1.24.0-0 - < 1.24.4`
Go standard library	os	affected `0 - < 1.23.10` affected `1.24.0-0 - < 1.24.4`

References

https://go.dev/cl/672396

https://go.dev/issue/73702

https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A

https://pkg.go.dev/vuln/GO-2025-3750

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-0913

Description

Affected Products

References