CVE-2025-4674

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-4674

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4674.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-4674

Aliases

Downstream

BELL-CVE-2025-4674

DEBIAN-CVE-2025-4674

ECHO-6fb1-590b-9dd9

MINI-2cxj-c57q-397w

MINI-2fvm-qmmp-j33m

MINI-2wjx-wh7p-3qvm

MINI-33vx-9rpj-w2g9

MINI-34p5-9r6x-cf85

MINI-3qcr-2h43-9hcr

MINI-447w-72px-p6x4

MINI-4cr3-mg3q-3f27

MINI-4wpj-459m-3932

MINI-524x-c63r-963q

MINI-554q-3v7g-p326

MINI-5mh4-xrvj-6xgc

MINI-5r5f-6frq-66wx

MINI-5wqq-c366-f2r9

MINI-66wv-xxg9-x494

MINI-6qm9-pm7w-q29w

MINI-6x7h-wg96-3vmj

MINI-7m88-253j-rqh7

MINI-7mj6-7q5x-wgc4

MINI-8567-xqj9-75v7

MINI-8whv-xj6h-4824

MINI-93m5-xf6f-pjgp

MINI-9j7x-xxc7-84q5

MINI-c446-p3f7-qxh3

MINI-c6xf-mr69-5h53

MINI-ch96-342v-8mv7

MINI-cqcc-c2xv-pqxq

MINI-cr5g-9977-8jwf

MINI-cv3m-27r6-9p7w

MINI-cv7c-75r7-m84r

MINI-f2c6-3h5c-f2f4

MINI-f67c-x4qv-9c6v

MINI-fjh7-6782-prpw

MINI-fmq5-f632-fc4q

MINI-g5c2-rhjr-j5pc

MINI-g84h-8qc3-68pq

MINI-gpr6-8f34-f834

MINI-gvfx-43g3-r6qq

MINI-gx4f-mwj5-pp28

MINI-gxx6-wqr3-9hv4

MINI-h36c-j8gg-rxq7

MINI-h92p-436m-vc56

MINI-hf5g-j875-352f

MINI-hhwg-xhrq-rj38

MINI-hjc4-hx3c-cwp2

MINI-j4h5-vjcp-x42p

MINI-jjxp-vj3h-j446

MINI-jm69-fxqq-8xw7

MINI-jr6j-qm5w-p827

MINI-jx4m-xrq8-gcp7

MINI-mp74-g5m5-r6fw

MINI-mw76-hrj8-mm9g

MINI-phfx-7vrv-7x9p

MINI-qjr7-qqhx-fpf4

MINI-qw6m-w5xx-64j9

MINI-r2jh-q7hp-93gp

MINI-r87v-g2h3-pg64

MINI-rhrq-g48f-h735

MINI-rm3p-vr56-qr4v

MINI-rpqw-hrmm-rcjv

MINI-rr9x-p839-hgwr

MINI-v6g8-7x6g-cjg4

MINI-v8xj-w2hg-cqxc

MINI-w67r-8pxq-wjv4

MINI-w6xc-7vh4-m2pr

MINI-w93x-254j-9gvv

MINI-wc86-fxrv-9hc8

MINI-ww6w-8rvh-pgv2

MINI-x22g-f835-h2fh

MINI-x64v-rrxq-pfj9

MINI-xvx2-7whc-vg2j

MINI-xw3w-9crp-gr2j

OESA-2025-2181

OESA-2025-2182

OESA-2025-2260

RHSA-2025:13935

RHSA-2025:13936

RHSA-2025:13939

RHSA-2025:13940

RHSA-2025:13941

RHSA-2025:14093

RLSA-2025:13935

RLSA-2025:13940

RLSA-2025:13941

SUSE-SU-2025:02295-1

SUSE-SU-2025:02296-1

SUSE-SU-2025:02924-1

SUSE-SU-2025:03115-1

SUSE-SU-2025:03158-1

SUSE-SU-2025:03159-1

SUSE-SU-2025:03161-1

SUSE-SU-2026:0297-1

SUSE-SU-2026:0298-1

UBUNTU-CVE-2025-4674

Related

Published

2025-07-29T22:15:25.380Z

Modified

2026-02-04T21:35:08.918875Z

Severity

8.6 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via "go get", are not affected.

References

Affected packages

Git / github.com/golang/go

Affected ranges

Type: GIT
Repo: https://github.com/golang/go
Events: Fixed

0a75dd7c2dcf7057ef200290d8f5c4c1514dba80

Introduced

3901409b5d0fb7c85a3e6730a59943cc93b2835c

Fixed

9d828e80fa1f3cc52de60428cae446b35b576de8

Affected versions

go1.*

go1.24.0

go1.24.1

go1.24.2

go1.24.3

go1.24.4

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-4674.json"