CVE-2025-47906

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-47906

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-47906.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-47906

Aliases

Downstream

BELL-CVE-2025-47906

ECHO-720b-9e21-965c

MINI-2j6j-m58j-6xv4

MINI-2p4g-cjpm-m5rw

MINI-2pxf-jxrc-26jq

MINI-335j-f49m-gr62

MINI-3384-72c7-r249

MINI-338r-4qrv-wgh3

MINI-36cf-3w5x-5g3p

MINI-3g6f-44rv-x9hj

MINI-3j29-vhff-7fhw

MINI-42v8-r3x7-9q2h

MINI-44wv-v6h7-m3gh

MINI-4796-jv3v-w2cq

MINI-49hc-m6cm-m5vv

MINI-4c4f-pw4q-g46w

MINI-4cfw-pggq-p54h

MINI-4hgp-j37q-86v4

MINI-4mqg-458w-ccjp

MINI-536m-8mp7-3984

MINI-53pw-9m3q-rhg2

MINI-5622-95rh-5mmf

MINI-5884-2q6q-qq94

MINI-59p4-g9vw-f74v

MINI-5g33-9r7v-wfv2

MINI-5gr5-6vq3-mfgr

MINI-5hcg-jw9v-8mhx

MINI-5j73-pwqf-q3qm

MINI-5jf3-5f6f-vfgm

MINI-5m3h-cmg5-pwmw

MINI-662w-5v34-wj76

MINI-67qg-jwcj-8839

MINI-72pq-9qww-3hpm

MINI-7crv-4362-q62c

MINI-7m2m-76m5-9vxg

MINI-7mgm-m69q-hwjv

MINI-7qr3-3f2m-wvvr

MINI-7x8x-3j8r-6jc7

MINI-8272-87mm-w4rp

MINI-82h4-h6gp-393c

MINI-849c-ggv8-g965

MINI-87q7-8r9q-7cxw

MINI-89vh-hgpg-jf52

MINI-8pj8-6c3c-q5h6

MINI-8rgf-cjf6-9hr6

MINI-8x66-59hv-rwq6

MINI-8xfq-jqp9-xxpr

MINI-974m-2w3f-w883

MINI-9g3x-gv8m-c937

MINI-9gq3-8377-jcqh

MINI-9j35-chqx-5hxr

MINI-9jmp-hwvw-wr2m

MINI-9qvf-5j92-hvmw

MINI-9r3c-jv96-hrcm

MINI-9w83-4gv7-vchw

MINI-ccp7-wqgq-hgc6

MINI-cfxm-v35j-jjh4

MINI-cqx2-675m-fc3j

MINI-f33h-2jgh-532p

MINI-f37r-ffmv-6275

MINI-fcq2-5wjc-28jr

MINI-g39x-369v-434f

MINI-g93v-6pqj-93h8

MINI-gmh9-pqxh-vphv

MINI-gpcf-4mx6-43r2

MINI-gw49-84qr-85r7

MINI-gw6f-v4vm-4m99

MINI-h2p3-98w7-fvcf

MINI-hvv5-g869-v7q7

MINI-j94p-w7wq-7f3f

MINI-j99w-vr94-2fx3

MINI-j9fm-c3gf-623q

MINI-jcxx-cj45-qq7r

MINI-jf4x-p432-hf8g

MINI-jpc9-hgp7-3j58

MINI-jr3v-vw67-jv4m

MINI-m47q-4849-p46q

MINI-m757-6g8p-gxp2

MINI-mq65-3hvv-649w

MINI-mvr3-gmvf-mh9h

MINI-p54f-m387-mw9x

MINI-pjjg-m5xr-566x

MINI-pxwc-pxp8-jhc7

MINI-q2qh-785c-8w2c

MINI-q4v8-pvrh-625f

MINI-qp36-xfh8-vm25

MINI-qrrv-gxhh-w427

MINI-qx5f-p9c3-m49f

MINI-qxp5-pc8j-7h27

MINI-r2pg-mpmc-63q3

MINI-r4fj-9gmh-mwr9

MINI-rhmx-9hc5-cg22

MINI-rr6f-2fxp-2gpv

MINI-rvgm-34f9-wxv9

MINI-rxv6-p8vv-433f

MINI-v3rj-wx7w-g2v9

MINI-v489-6j69-98qv

MINI-v4rj-5mx8-hg3v

MINI-vm84-pw26-xvjq

MINI-vqfx-q85p-4cg3

MINI-vwhg-2hvp-g2xf

MINI-w4m6-jp2r-8xj8

MINI-w5r6-82g8-cw75

MINI-w882-fp2p-5hrq

MINI-w9jh-q424-vcf7

MINI-wf47-2hhc-99x7

MINI-wqvx-xfhg-c5qx

MINI-wvfh-m5qg-hgjr

MINI-ww93-rhh5-r329

MINI-wx4q-5fqp-r9w3

MINI-x347-j2f7-4ppw

MINI-x35r-7528-7cpp

MINI-x49v-r427-jgpw

MINI-x96m-x3wx-rj39

MINI-x9rg-mv9p-qphq

MINI-xmcg-ch36-6qgr

MINI-xrw8-8698-3cx9

MINI-xwrh-xx8g-xwrf

MINI-xxv4-rxfr-92fp

OESA-2025-2180

OESA-2025-2181

OESA-2025-2182

OESA-2025-2183

OESA-2025-2184

OESA-2025-2260

SUSE-SU-2025:02924-1

SUSE-SU-2025:03115-1

SUSE-SU-2025:03158-1

SUSE-SU-2025:03159-1

SUSE-SU-2025:03161-1

SUSE-SU-2025:03289-1

UBUNTU-CVE-2025-47906

Related

Published

2025-09-18T19:15:37Z

Modified

2025-09-22T15:10:29.012742Z

Summary

[none]

Details

If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.

References

Affected packages

Debian:11 / golang-1.15

Package

Name: golang-1.15
Purl: pkg:deb/debian/golang-1.15?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.15.9-6

1.15.15-1~deb11u1

1.15.15-1~deb11u2

1.15.15-1~deb11u3

1.15.15-1~deb11u4

1.15.15-1

1.15.15-2

1.15.15-3

1.15.15-4

1.15.15-5

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / golang-1.19

Package

Name: golang-1.19
Purl: pkg:deb/debian/golang-1.19?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.19.8-2

1.19.9-1

1.19.10-1

1.19.10-2

1.19.11-1

1.19.12-1

1.19.12-2~bpo11+1

1.19.12-2~bpo12+1

1.19.12-2

1.19.13-1~bpo11+1

1.19.13-1~bpo12+1

1.19.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / golang-1.24

Package

Name: golang-1.24
Purl: pkg:deb/debian/golang-1.24?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.24.4-1

1.24.4-2

1.24.4-3

1.24.4-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / golang-1.24

Package

Name: golang-1.24
Purl: pkg:deb/debian/golang-1.24?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.24.4-1

1.24.4-2

1.24.4-3

1.24.4-4

Ecosystem specific

{
    "urgency": "not yet assigned"
}