216.73.217.24

CVE-2025-4674

· Published 29/07/2025 22:15 · Modified 29/07/2025 22:15

Labels: CVE-2025-4674 2025-07-29CVE-2025-4674[email protected]

Essential information

Published
29/07/2025 22:15
Modified
29/07/2025 22:15
Author
Creator
CISA KEV
No
CWE

Description

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via "go get", are not affected.

NVD status

Status
Received — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

Affected products (CPE)

ProductCPE
golang / golang cpe:2.3:a:golang:golang:*:*:*:*:*:*:*:*

References