CVE-2025-0913 Affecting go1.23 package, versions <1.23.10-150000.1.34.1
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-SLES153-GO123-10335871
- published10 Jun 2025
- disclosed9 Jun 2025
Introduced: 9 Jun 2025
NewCVE-2025-0913 (opens in a new tab)How to fix?
Upgrade SLES:15.3 go1.23 to version 1.23.10-150000.1.34.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream go1.23 package and not the go1.23 package as distributed by SLES.
See How to fix? for SLES:15.3 relevant fixed versions and status.
os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.