CVE-2025-68119

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2025-68119

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68119.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-68119

Aliases

Downstream

BELL-CVE-2025-68119

CLEANSTART-2026-FI29887

CLEANSTART-2026-RD09851

DEBIAN-CVE-2025-68119

ECHO-3090-16c7-c5fd

MINI-232r-qh3r-rf67

MINI-2jv8-6pjx-9vr6

MINI-2pcv-59xr-qvf9

MINI-2qmm-25jh-pmgm

MINI-2r47-vcr6-wqfp

MINI-2rg7-7f3x-h4v4

MINI-3427-9w6p-pf3f

MINI-3r8f-xfpx-jvr8

MINI-3wfc-m3f8-r8ch

MINI-3wqf-fx4g-2vf3

MINI-42gp-6rmw-2fx7

MINI-43p3-5cv4-h5fg

MINI-43w8-wr9g-qp5h

MINI-47rw-cm97-4v8c

MINI-486r-856j-q5xw

MINI-48wp-r38q-gj78

MINI-4p2c-f246-4rgm

MINI-4v4j-9g8j-4gwh

MINI-4vp2-rvj6-8q7p

MINI-4xrx-fgv6-cwfr

MINI-5287-6773-pggw

MINI-59j8-rp7c-m6gf

MINI-59jx-vccq-mj7v

MINI-5fch-6ccw-vvgq

MINI-5p87-29hq-4jhp

MINI-5wgp-gp8v-m92g

MINI-66mv-3r5p-c8v4

MINI-682g-8hmh-p2jm

MINI-6fx9-j2fv-jfjr

MINI-6xf3-f9q9-c7r5

MINI-73r6-c667-922v

MINI-745c-r48p-939x

MINI-7fpv-rqqq-49gv

MINI-7fv4-xgfh-5x48

MINI-7p3g-f68m-jxvc

MINI-7r6c-7xj8-4grh

MINI-7w2f-5jr2-xmjx

MINI-7wvf-qhp9-9vjm

MINI-7xxr-f9hg-px35

MINI-84cv-6j5c-f73m

MINI-84vx-f5wq-7pqw

MINI-87fm-3r67-r28f

MINI-8c9j-75h8-3g39

MINI-8f69-69gh-3hhc

MINI-8jq9-w75q-jvhh

MINI-8mpf-v8r2-57x9

MINI-8p4w-chwc-3r26

MINI-8rvq-3x4h-5x9m

MINI-8v8w-jvmw-5vvp

MINI-92p7-fg9h-j247

MINI-972q-f72g-h7qw

MINI-97rg-2vwv-qj2f

MINI-98c2-5xff-w9c3

MINI-9cq9-g9c6-hm5g

MINI-9cvx-w9jh-4vjr

MINI-9rx2-jcxq-4j49

MINI-c349-rxgm-6c3x

MINI-c6pg-w9qh-hrwv

MINI-c8rp-chwq-h986

MINI-c8xg-qr7f-g2mw

MINI-ch68-2rww-4g4j

MINI-chc7-cwr9-xf4w

MINI-chh9-p722-5x62

MINI-cr67-9q36-3j86

MINI-f4h9-v2rc-44wx

MINI-f567-cw82-gv6v

MINI-f5rg-hhf2-4w52

MINI-f5v6-85r3-m338

MINI-f9r3-c7jr-pwqw

MINI-ff4q-ghfc-5rc6

MINI-fmff-rhff-wmq5

MINI-fmrx-c3vm-mv5q

MINI-fmwv-28p5-q87v

MINI-fwfq-46hv-rw47

MINI-fwq7-7vj8-m296

MINI-g2m4-f374-9rcj

MINI-g487-f7c7-gxw9

MINI-g64c-9895-g33m

MINI-g8gq-qvwg-3v3f

MINI-h523-7f68-66rv

MINI-h5hg-p7hj-hpwj

MINI-h62p-244j-62q4

MINI-h77g-27q6-w3pm

MINI-h984-j5f8-v955

MINI-hfjr-r2w9-jfq9

MINI-hp55-pm36-rwjh

MINI-hxhv-q6m2-24pp

MINI-j2fp-pg54-r87j

MINI-jf4q-7xqm-jcf4

MINI-jjvw-wv8p-w4wx

MINI-jq6j-3r5v-g36c

MINI-jrp2-2q49-rmh8

MINI-jvhr-vx33-45cj

MINI-jxm2-h72v-hjhc

MINI-m3mm-8hj9-8943

MINI-m3pp-vwm8-7x8m

MINI-m67f-92q2-3482

MINI-m827-x36p-w62x

MINI-m85f-g5pf-qxc6

MINI-m9g8-cpv2-fpmf

MINI-mhw8-jqcx-f73p

MINI-mp8g-wvgm-787x

MINI-mrq7-vw6j-r3wc

MINI-mvqx-f6c5-jx22

MINI-p26v-xg3p-3qh3

MINI-p2rp-cmjr-6395

MINI-p4gm-r86q-m8g2

MINI-p4q5-hhcf-p42h

MINI-p7hg-q638-xjjg

MINI-pfq8-jj79-9pp9

MINI-ppj4-qhw3-phvx

MINI-pq4r-5v24-p64j

MINI-q433-2vrx-69p2

MINI-q64w-w6mf-99rm

MINI-qp77-xph6-8jw6

MINI-qr8v-8m68-g7x8

MINI-qw9g-jmgv-98jh

MINI-r4q7-fp2j-jgj7

MINI-rh52-mvm8-rwc7

MINI-v2mj-pf5h-r94f

MINI-vcxw-qmh3-g45f

MINI-vp2c-gr8x-5rmh

MINI-vpcx-v55f-9fg9

MINI-vr68-hxjw-hh5c

MINI-vrwj-q5f9-8hpg

MINI-vvqc-mmpc-pq79

MINI-vx2q-qc27-h5g6

MINI-w3mw-vv86-hm82

MINI-w5gv-2vw2-mq95

MINI-w5pp-7p28-j4wf

MINI-w6mc-hpq7-6r7h

MINI-w7mf-mfhc-v7cp

MINI-wh64-q8wv-8fch

MINI-wpq6-6qrq-j57q

MINI-wwqf-p2wp-4mr9

MINI-wx3j-7fmf-85vg

MINI-x49q-fqfw-h62j

MINI-x58v-84hm-2vp8

MINI-x8fx-m676-gj3m

MINI-x9jr-9mm6-qh5g

MINI-xmx8-jfcv-php2

MINI-xv26-8xqw-94g4

SUSE-SU-2026:0297-1

SUSE-SU-2026:0298-1

SUSE-SU-2026:0308-1

UBUNTU-CVE-2025-68119

Related

Published

2026-01-28T20:16:11.443Z

Modified

2026-02-14T01:11:48.007671Z

Severity

7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.

References

Affected packages

Git / github.com/golang/go

Affected ranges

Type: GIT
Repo: https://github.com/golang/go
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

63a1b82d1e68ddd87652467303901593efe0ff11

Introduced

6e676ab2b809d46623acb5988248d95d1eb7939c

Fixed

69801b25b9624c3a678ef87d30771861e7bba51f

Affected versions

go1.*

go1.25.0

go1.25.1

go1.25.2

go1.25.3

go1.25.4

go1.25.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-68119.json"