PT-2025-42736 · Golang+4 · Golang+4

Published

2025-01-01

Updated

2026-03-06

CVE-2025-47912

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions golang versions 1.15 golang versions 1.19

Description The net/url package does not properly validate bracketed IPv6 hostnames. This can lead to issues when parsing URLs containing IPv6 addresses enclosed in brackets.

Recommendations Update to a newer version of golang that contains a fix for this vulnerability.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1286

Related Identifiers

ALT-PU-2025-12749

ALT-PU-2025-13232

AZL-78905

BDU:2025-14527

BIT-GOLANG-2025-47912

CLEANSTART-2025-EU07511

CVE-2025-47912

ECHO-EFA8-0654-2E47

GO-2025-4010

MGASA-2025-0256

OPENSUSE-SU-2025:15608-1

OPENSUSE-SU-2025:15609-1

OPENSUSE-SU-2025:15695-1

OPENSUSE-SU-2025:15703-1

OPENSUSE-SU-2025:15723-1

OPENSUSE-SU-2025:20157-1

OPENSUSE-SU-2025:20158-1

OPENSUSE-SU-2026:20301-1

OPENSUSE-SU-2026:20308-1

RHSA-2026:7291

RHSA-2026:7385

SUSE-SU-2025:03547-1

SUSE-SU-2025:21192-1

SUSE-SU-2025:21193-1

SUSE-SU-2025:3682-1

SUSE-SU-2025_03547-1

SUSE-SU-2025_3682-1

SUSE-SU-2026:0296-1

SUSE-SU-2026:0297-1

SUSE-SU-2026:0298-1

SUSE-SU-2026:0308-1

SUSE-SU-2026:20623-1

SUSE-SU-2026:20629-1

Affected Products

Alt Linux

Debian

Red Os

Suse

Golang

PT-2025-42736 · Golang+4 · Golang+4

CVE-2025-47912

Weakness Enumeration

Related Identifiers

Affected Products

References · 140