CVE-2025-0913
published 2025-06-11


Priority: P4 | 24 | medium | 5.5 (CVSS 3.1)
Vector: AV:L / AC:L / PR:L / UI:N / S:U / C:N / I:H / A:N
EPSS: 0.24% (15.7th percentile)
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.
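A regression check for the behaviour described above, written as an added example (it is not code from this page or from the Go project). The helper name `checkExclCreate`, the `result` type and the file names are assumptions made for illustration; the program builds a dangling symlink in a temporary directory and verifies that an exclusive create through it fails and leaves the link target absent.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// result records how OpenFile treated the dangling symlink (hypothetical type).
type result struct {
	OpenErr       error // error returned by os.OpenFile; nil means the open succeeded
	TargetCreated bool  // true if a file appeared at the symlink's target
}

// checkExclCreate (hypothetical helper) creates link.txt -> target.txt where
// target.txt does not exist, then attempts an exclusive create via the link.
func checkExclCreate() (result, error) {
	dir, err := os.MkdirTemp("", "excl-symlink-")
	if err != nil {
		return result{}, err
	}
	defer os.RemoveAll(dir)

	target := filepath.Join(dir, "target.txt") // constructed path, never created here
	link := filepath.Join(dir, "link.txt")
	// On Windows, creating a symlink may require extra privileges; that
	// surfaces here as a setup error rather than a test verdict.
	if err := os.Symlink(target, link); err != nil {
		return result{}, fmt.Errorf("symlink setup: %w", err)
	}

	f, openErr := os.OpenFile(link, os.O_WRONLY|os.O_CREATE|os.O_EXCL, 0o600)
	if openErr == nil {
		f.Close()
	}
	_, statErr := os.Lstat(target)
	return result{OpenErr: openErr, TargetCreated: statErr == nil}, nil
}

func main() {
	r, err := checkExclCreate()
	if err != nil {
		fmt.Println("setup failed:", err)
		os.Exit(2)
	}
	if r.OpenErr == nil || r.TargetCreated {
		fmt.Println("UNPATCHED behaviour: OpenFile created a file through the dangling symlink")
		os.Exit(1)
	}
	fmt.Println("OK: exclusive create refused the symlink:", r.OpenErr)
}
```

Running it with the toolchain that builds your Windows binaries shows whether that toolchain carries the fix; on Unix it is expected to pass on any Go version, per the description above.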

Affected

18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-1.15 | | |
| debian | golang-1.19 | | |
| debian | golang-1.24 | | |
| go_standard_library | os | < 1.23.10 | 1.23.10 |
| go_standard_library | os | >= 1.24.0-0 < 1.24.4 | 1.24.4 |
| go_standard_library | syscall | < 1.23.10 | 1.23.10 |
| go_standard_library | syscall | >= 1.24.0-0 < 1.24.4 | 1.24.4 |
| golang | go | < 1.23.10 | 1.23.10 |
| golang | go | >= 1.24.0 < 1.24.4 | 1.24.4 |
| msrc | azl3_golang_1.23.9-1_on_azure_linux_3.0 | | |
| msrc | azl3_golang_1.24.3-1_on_azure_linux_3.0 | | |
| msrc | azl3_python-tensorboard_2.16.2-6_on_azure_linux_3.0 | | |
| msrc | azl3_tensorflow_2.16.1-9_on_azure_linux_3.0 | | |
| msrc | cbl2_golang_1.18.8-7_on_cbl_mariner_2.0 | | |
| msrc | cbl2_golang_1.22.7-3_on_cbl_mariner_2.0 | | |
| msrc | cbl2_msft-golang_1.24.1-2_on_cbl_mariner_2.0 | | |
| msrc | cbl2_python-tensorboard_2.11.0-3_on_cbl_mariner_2.0 | | |
| msrc | cbl2_tensorflow_2.11.1-2_on_cbl_mariner_2.0 | | |

CVSS provenance

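| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |
| osv | | 5.5 | MEDIUM | |
| vendor_debian | | 5.5 | LOW | |
| vendor_msrc | | 5.5 | MEDIUM | |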