PT-2026-2489 · Mercurial+3

Splitline · Published 2025-01-01 · Updated 2026-05-21 · CVE-2025-68119

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Go (affected versions not specified)

Description

A flaw exists where downloading and building modules with malicious version strings can lead to local code execution. Systems utilizing Mercurial (hg) are susceptible to unexpected code execution when downloading modules from non-standard sources, stemming from the construction of external VCS commands. This issue can also be triggered by supplying malicious version strings directly to the toolchain. On systems with Git installed, malicious version strings can enable an attacker to write to arbitrary files on the filesystem, but this requires explicitly providing the malicious strings and does not impact usage of @latest or bare module paths. The issue relates to unexpected code execution when invoking the toolchain.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Memory Corruption

Weakness Enumeration

Related Identifiers

AZL-75639
AZL-75698
AZL-75728
AZL-78939
BDU:2026-03601
BIT-GOLANG-2025-68119
CVE-2025-68119
ECHO-3090-16C7-C5FD
GO-2026-4338
MGASA-2026-0035
OESA-2026-1698
OESA-2026-1699
OESA-2026-1700
OESA-2026-1701
OESA-2026-1702
OESA-2026-1703
OPENSUSE-SU-2026:10063-1
OPENSUSE-SU-2026:10064-1
OPENSUSE-SU-2026:10101-1
OPENSUSE-SU-2026:20077-1
OPENSUSE-SU-2026:20085-1
OPENSUSE-SU-2026:20220-1
OPENSUSE-SU-2026:20301-1
OPENSUSE-SU-2026:20308-1
OPENSUSE-SU-2026:20619-1
RHSA-2026:7291
RHSA-2026:7385
SUSE-SU-2026:0218-1
SUSE-SU-2026:0219-1
SUSE-SU-2026:0296-1
SUSE-SU-2026:0297-1
SUSE-SU-2026:0298-1
SUSE-SU-2026:0308-1
SUSE-SU-2026:0354-1
SUSE-SU-2026:0426-1
SUSE-SU-2026:0687-1
SUSE-SU-2026:0789-1
SUSE-SU-2026:20122-1
SUSE-SU-2026:20132-1
SUSE-SU-2026:20429-1
SUSE-SU-2026:20623-1
SUSE-SU-2026:20629-1

Affected Products

Git
Go
Mercurial
Red Os