CVE-2025-4674

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-4674

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-4674.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2025-4674

Aliases

Downstream

BELL-CVE-2025-4674

DEBIAN-CVE-2025-4674

ECHO-6fb1-590b-9dd9

MINI-2cxj-c57q-397w

MINI-2fvm-qmmp-j33m

MINI-2wjx-wh7p-3qvm

MINI-33vx-9rpj-w2g9

MINI-34p5-9r6x-cf85

MINI-3qcr-2h43-9hcr

MINI-3qh2-4hxg-xrmw

MINI-447w-72px-p6x4

MINI-4cr3-mg3q-3f27

MINI-4wpj-459m-3932

MINI-524x-c63r-963q

MINI-554q-3v7g-p326

MINI-5mh4-xrvj-6xgc

MINI-5r5f-6frq-66wx

MINI-5wqq-c366-f2r9

MINI-62hf-m4jq-rgvr

MINI-638m-6wmj-5r55

MINI-66wv-xxg9-x494

MINI-6qm9-pm7w-q29w

MINI-6x7h-wg96-3vmj

MINI-7m88-253j-rqh7

MINI-7mj6-7q5x-wgc4

MINI-8567-xqj9-75v7

MINI-8whv-xj6h-4824

MINI-93m5-xf6f-pjgp

MINI-9j7x-xxc7-84q5

MINI-c446-p3f7-qxh3

MINI-c5xg-qqqm-3wg9

MINI-c6xf-mr69-5h53

MINI-ch96-342v-8mv7

MINI-cqcc-c2xv-pqxq

MINI-cr5g-9977-8jwf

MINI-cv3m-27r6-9p7w

MINI-cv7c-75r7-m84r

MINI-f67c-x4qv-9c6v

MINI-fjh7-6782-prpw

MINI-fmq5-f632-fc4q

MINI-g5c2-rhjr-j5pc

MINI-g84h-8qc3-68pq

MINI-gpr6-8f34-f834

MINI-gvfx-43g3-r6qq

MINI-gx4f-mwj5-pp28

MINI-gxx6-wqr3-9hv4

MINI-h36c-j8gg-rxq7

MINI-h92p-436m-vc56

MINI-hf5g-j875-352f

MINI-hhwg-xhrq-rj38

MINI-hjc4-hx3c-cwp2

MINI-hr78-35cf-j7q5

MINI-j4h5-vjcp-x42p

MINI-jjxp-vj3h-j446

MINI-jm69-fxqq-8xw7

MINI-jr6j-qm5w-p827

MINI-jx4m-xrq8-gcp7

MINI-mp74-g5m5-r6fw

MINI-mw76-hrj8-mm9g

MINI-phfx-7vrv-7x9p

MINI-qjr7-qqhx-fpf4

MINI-qw6m-w5xx-64j9

MINI-r2jh-q7hp-93gp

MINI-r87v-g2h3-pg64

MINI-rhrq-g48f-h735

MINI-rm3p-vr56-qr4v

MINI-rpqw-hrmm-rcjv

MINI-rr9x-p839-hgwr

MINI-rw29-8xg2-3v5f

MINI-v6g8-7x6g-cjg4

MINI-v8xj-w2hg-cqxc

MINI-w67r-8pxq-wjv4

MINI-w6xc-7vh4-m2pr

MINI-w93x-254j-9gvv

MINI-wc86-fxrv-9hc8

MINI-wqq4-ppfr-c68c

MINI-ww6w-8rvh-pgv2

MINI-x22g-f835-h2fh

MINI-x64v-rrxq-pfj9

MINI-xvx2-7whc-vg2j

MINI-xw3w-9crp-gr2j

OESA-2025-2181

OESA-2025-2182

OESA-2025-2260

RHSA-2025:13935

RHSA-2025:13936

RHSA-2025:13939

RHSA-2025:13940

RHSA-2025:13941

RHSA-2025:14093

RLSA-2025:13940

SUSE-SU-2025:02295-1

SUSE-SU-2025:02296-1

SUSE-SU-2025:02924-1

SUSE-SU-2025:03115-1

SUSE-SU-2025:03158-1

SUSE-SU-2025:03159-1

SUSE-SU-2025:03161-1

UBUNTU-CVE-2025-4674

Related

Published

2025-07-29T22:15:25Z

Modified

2025-08-09T20:01:27Z

Summary

[none]

Details

The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via "go get", are not affected.

References

Affected packages