CVE-2025-13425

Published: Nov 20, 2025

Modified: Nov 20, 2025

PUBLISHED

Description

A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next() to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index out of range) and an application crash (denial of service) in OSV-SCALIBR.

Vendor	Product	Versions
Google	OSV-SCALIBR	affected `< 0.3.4`

Weaknesses (CWE)

CWE-476

References

https://github.com/google/osv-scalibr/commit/e67c4e198ca099cb7c16957a80f6c5331d90a672

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2025-13425

Description

Affected Products

Weaknesses (CWE)

References