UBUNTU-CVE-2025-22872
- Source
- https://ubuntu.com/security/CVE-2025-22872
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2025/UBUNTU-CVE-2025-22872.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2025-22872
- Upstream
- Published
- 2025-04-16T18:16:00Z
- Modified
- 2025-10-24T05:18:01Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
The tokenizer incorrectly interprets tags with unquoted attribute values that end with a solidus character (/) as self-closing. When directly using Tokenizer, this can result in such tags incorrectly being marked as self-closing, and when using the Parse functions, this can result in content following such tags as being placed in the wrong scope during DOM construction, but only when tags are in foreign content (e.g. <math>, <svg>, etc contexts).
- References
-
- https://ubuntu.com/security/CVE-2025-22872
- https://www.cve.org/CVERecord?id=CVE-2025-22872
- https://go.dev/cl/662715
- https://groups.google.com/g/golang-announce/c/ezSKR9vqbqA
- https://pkg.go.dev/vuln/GO-2025-3595
- https://github.com/TheDegenerateDev5150/net/commit/e1fcd82abba34df74614020343be8eb1fe85f0d9
Affected packages
Ubuntu:20.04:LTS
containerd
Package
- Name
- containerd
- Purl
- pkg:deb/ubuntu/containerd@1.6.12-0ubuntu1~20.04.8?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.2.10-0ubuntu1
1.3.2-0ubuntu1
1.3.3-0ubuntu1
1.3.3-0ubuntu2
1.3.3-0ubuntu2.1
1.3.3-0ubuntu2.2
1.3.3-0ubuntu2.3
1.4.4-0ubuntu1~20.04.2
1.5.2-0ubuntu1~20.04.1
1.5.2-0ubuntu1~20.04.2
1.5.2-0ubuntu1~20.04.3
1.5.5-0ubuntu3~20.04.1
1.5.5-0ubuntu3~20.04.2
1.5.9-0ubuntu1~20.04.1
1.5.9-0ubuntu1~20.04.4
1.5.9-0ubuntu1~20.04.5
1.5.9-0ubuntu1~20.04.6
1.6.12-0ubuntu1~20.04.1
1.6.12-0ubuntu1~20.04.3
1.6.12-0ubuntu1~20.04.5
1.6.12-0ubuntu1~20.04.6
1.6.12-0ubuntu1~20.04.7
1.6.12-0ubuntu1~20.04.8
lxd
Package
- Name
- lxd
- Purl
- pkg:deb/ubuntu/lxd@1:0.10?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:22.04:LTS
containerd
Package
- Name
- containerd
- Purl
- pkg:deb/ubuntu/containerd@1.6.12-0ubuntu1~22.04.9?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.5.5-0ubuntu3
1.5.9-0ubuntu1
1.5.9-0ubuntu2
1.5.9-0ubuntu3
1.5.9-0ubuntu3.1
1.6.12-0ubuntu1~22.04.1
1.6.12-0ubuntu1~22.04.3
1.6.12-0ubuntu1~22.04.5
1.6.12-0ubuntu1~22.04.6
1.6.12-0ubuntu1~22.04.7
1.6.12-0ubuntu1~22.04.8
1.6.12-0ubuntu1~22.04.9
Ubuntu:25.04
containerd
Package
- Name
- containerd
- Purl
- pkg:deb/ubuntu/containerd@1.7.24~ds1-5ubuntu1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.7.18~ds2-1ubuntu1
1.7.23~ds2-1ubuntu1
1.7.24~ds1-1ubuntu1
1.7.24~ds1-4ubuntu1
1.7.24~ds1-5ubuntu1
golang-golang-x-net
Package
- Name
- golang-golang-x-net
- Purl
- pkg:deb/ubuntu/golang-golang-x-net@1:0.27.0-1?arch=source&distro=plucky
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:25.10
containerd
Package
- Name
- containerd
- Purl
- pkg:deb/ubuntu/containerd@1.7.24~ds1-8ubuntu1?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
golang-golang-x-net
Package
- Name
- golang-golang-x-net
- Purl
- pkg:deb/ubuntu/golang-golang-x-net@1:0.27.0-2?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:16.04:LTS
golang-golang-x-net-dev
Package
- Name
- golang-golang-x-net-dev
- Purl
- pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.0+git20150226.3d87fd6-3
0.0+git20151007.b846920+dfsg-1
1:0.*
1:0.0+git20150817.66f0418-1
1:0.0+git20160110.4fd4a9f-1
1:0.0+git20160110.4fd4a9f-1ubuntu0.1~esm1
juju-core
Package
- Name
- juju-core
- Purl
- pkg:deb/ubuntu/juju-core@2.3.7-0ubuntu0.16.04.1+esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.24.6-0ubuntu3
1.25.0-0ubuntu1
1.25.0-0ubuntu2
1.25.0-0ubuntu3
2.*
2.0~beta4-0ubuntu2
2.0~beta6-0ubuntu1.16.04.1
2.0~beta7-0ubuntu1.16.04.1
2.0~beta12-0ubuntu1.16.04.1
2.0~beta15-0ubuntu2.16.04.1
2.0.0-0ubuntu0.16.04.2
2.0.2-0ubuntu0.16.04.1
2.0.2-0ubuntu0.16.04.2
2.3.1-0ubuntu0.16.04.1
2.3.2-0ubuntu0.16.04.1
2.3.7-0ubuntu0.16.04.1
2.3.7-0ubuntu0.16.04.1+esm1
lxd
Package
- Name
- lxd
- Purl
- pkg:deb/ubuntu/lxd@2.0.11-0ubuntu1~16.04.4+esm1?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.20-0ubuntu4
0.21-0ubuntu3
0.21-0ubuntu5
0.22-0ubuntu1
0.22-0ubuntu2
0.23-0ubuntu1
0.23-0ubuntu2
0.23-0ubuntu3
0.24-0ubuntu2
0.24-0ubuntu3
0.24-0ubuntu4
0.25-0ubuntu1
0.26-0ubuntu2
0.26-0ubuntu3
0.27-0ubuntu1
0.27-0ubuntu2
2.*
2.0.0~beta1-0ubuntu3
2.0.0~beta1-0ubuntu4
2.0.0~beta2-0ubuntu1
2.0.0~beta2-0ubuntu2
2.0.0~beta3-0ubuntu1
2.0.0~beta3-0ubuntu2
2.0.0~beta3-0ubuntu3
2.0.0~beta3-0ubuntu4
2.0.0~beta4-0ubuntu1
2.0.0~beta4-0ubuntu2
2.0.0~beta4-0ubuntu3
2.0.0~beta4-0ubuntu4
2.0.0~beta4-0ubuntu5
2.0.0~beta4-0ubuntu6
2.0.0~beta4-0ubuntu7
2.0.0~rc1-0ubuntu1
2.0.0~rc1-0ubuntu2
2.0.0~rc1-0ubuntu3
2.0.0~rc2-0ubuntu2
2.0.0~rc2-0ubuntu3
2.0.0~rc3-0ubuntu1
2.0.0~rc3-0ubuntu2
2.0.0~rc3-0ubuntu3
2.0.0~rc3-0ubuntu4
2.0.0~rc4-0ubuntu1
2.0.0~rc5-0ubuntu1
2.0.0~rc6-0ubuntu1
2.0.0~rc6-0ubuntu2
2.0.0~rc7-0ubuntu1
2.0.0~rc7-0ubuntu2
2.0.0~rc8-0ubuntu1
2.0.0~rc8-0ubuntu2
2.0.0~rc8-0ubuntu3
2.0.0~rc8-0ubuntu5
2.0.0~rc8-0ubuntu6
2.0.0~rc8-0ubuntu7
2.0.0~rc9-0ubuntu2
2.0.0~rc9-0ubuntu3
2.0.0~rc9-0ubuntu4
2.0.0~rc9-0ubuntu5
2.0.0-0ubuntu1
2.0.0-0ubuntu2
2.0.0-0ubuntu3
2.0.0-0ubuntu4
2.0.1-0ubuntu1~16.04.1
2.0.2-0ubuntu1~16.04.1
2.0.3-0ubuntu1~ubuntu16.04.2
2.0.4-0ubuntu1~ubuntu16.04.1
2.0.5-0ubuntu1~ubuntu16.04.1
2.0.8-0ubuntu1~ubuntu16.04.1
2.0.8-0ubuntu1~ubuntu16.04.2
2.0.9-0ubuntu1~16.04.1
2.0.9-0ubuntu1~16.04.2
2.0.10-0ubuntu1~16.04.1
2.0.10-0ubuntu1~16.04.2
2.0.11-0ubuntu1~16.04.2
2.0.11-0ubuntu1~16.04.4
2.0.11-0ubuntu1~16.04.4+esm1
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm1",
"binary_name": "golang-github-lxc-lxd-dev"
},
{
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm1",
"binary_name": "lxc2"
},
{
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm1",
"binary_name": "lxd"
},
{
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm1",
"binary_name": "lxd-client"
},
{
"binary_version": "2.0.11-0ubuntu1~16.04.4+esm1",
"binary_name": "lxd-tools"
}
]
}containerd
Package
- Name
- containerd
- Purl
- pkg:deb/ubuntu/containerd@1.2.6-0ubuntu1~16.04.6+esm5?arch=source&distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.2.1-0ubuntu4~16.04
0.2.3-0ubuntu1~16.04
0.2.5-0ubuntu1~16.04.1
1.*
1.2.6-0ubuntu1~16.04.2
1.2.6-0ubuntu1~16.04.3
1.2.6-0ubuntu1~16.04.4
1.2.6-0ubuntu1~16.04.5
1.2.6-0ubuntu1~16.04.6
1.2.6-0ubuntu1~16.04.6+esm1
1.2.6-0ubuntu1~16.04.6+esm2
1.2.6-0ubuntu1~16.04.6+esm4
1.2.6-0ubuntu1~16.04.6+esm5
Ubuntu:Pro:18.04:LTS
lxd
Package
- Name
- lxd
- Purl
- pkg:deb/ubuntu/lxd@3.0.3-0ubuntu1~18.04.2+esm1?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.18-0ubuntu6
2.19-0ubuntu1
2.20-0ubuntu3
2.20-0ubuntu4
2.21-0ubuntu1
2.21-0ubuntu2
2.21-0ubuntu3
2.21-0ubuntu4
3.*
3.0.0~beta2-0ubuntu3
3.0.0~beta3-0ubuntu3
3.0.0~beta5-0ubuntu2
3.0.0~beta7-0ubuntu1
3.0.0-0ubuntu1
3.0.0-0ubuntu2
3.0.0-0ubuntu3
3.0.0-0ubuntu4
3.0.1-0ubuntu1~18.04.1
3.0.2-0ubuntu1~18.04.1
3.0.3-0ubuntu1~18.04.1
3.0.3-0ubuntu1~18.04.2
3.0.3-0ubuntu1~18.04.2+esm1
containerd
Package
- Name
- containerd
- Purl
- pkg:deb/ubuntu/containerd@1.6.12-0ubuntu1~18.04.1+esm2?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
0.*
0.2.5-0ubuntu2
1.*
1.2.6-0ubuntu1~18.04.1
1.2.6-0ubuntu1~18.04.2
1.3.3-0ubuntu1~18.04.1
1.3.3-0ubuntu1~18.04.2
1.3.3-0ubuntu1~18.04.3
1.3.3-0ubuntu1~18.04.4
1.4.4-0ubuntu1~18.04.2
1.5.2-0ubuntu1~18.04.1
1.5.2-0ubuntu1~18.04.2
1.5.2-0ubuntu1~18.04.3
1.5.5-0ubuntu3~18.04.1
1.5.5-0ubuntu3~18.04.2
1.5.9-0ubuntu1~18.04.1
1.5.9-0ubuntu1~18.04.2
1.6.12-0ubuntu1~18.04.1
1.6.12-0ubuntu1~18.04.1+esm1
1.6.12-0ubuntu1~18.04.1+esm2
golang-golang-x-net-dev
Package
- Name
- golang-golang-x-net-dev
- Purl
- pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:0.*
1:0.0+git20170629.c81e7f2+dfsg-1ubuntu1
1:0.0+git20170629.c81e7f2+dfsg-1ubuntu2
1:0.0+git20170629.c81e7f2+dfsg-2
1:0.0+git20170629.c81e7f2+dfsg-2ubuntu0.1~esm1
Ubuntu:Pro:20.04:LTS
golang-golang-x-net-dev
Package
- Name
- golang-golang-x-net-dev
- Purl
- pkg:deb/ubuntu/golang-golang-x-net-dev@1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:0.*
1:0.0+git20190811.74dc4d7+dfsg-1
1:0.0+git20190811.74dc4d7+dfsg-1ubuntu0.1~esm1
Ubuntu:Pro:22.04:LTS
golang-golang-x-net
Package
- Name
- golang-golang-x-net
- Purl
- pkg:deb/ubuntu/golang-golang-x-net@1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:0.*
1:0.0+git20210119.5f4716e+dfsg-4
1:0.0+git20210805.aaa1db6+dfsg-1
1:0.0+git20211209.491a49a+dfsg-1
1:0.0+git20211209.491a49a+dfsg-1ubuntu0.1~esm1
Ubuntu:Pro:24.04:LTS
containerd
Package
- Name
- containerd
- Purl
- pkg:deb/ubuntu/containerd@1.6.24~ds1-1ubuntu1.3+esm1?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1.*
1.6.20~ds1-1ubuntu2
1.6.24~ds1-1ubuntu1
1.6.24~ds1-1ubuntu1.1
1.6.24~ds1-1ubuntu1.2
1.6.24~ds1-1ubuntu1.2+esm1
1.6.24~ds1-1ubuntu1.3
1.6.24~ds1-1ubuntu1.3+esm1
golang-golang-x-net
Package
- Name
- golang-golang-x-net
- Purl
- pkg:deb/ubuntu/golang-golang-x-net@1:0.21.0+dfsg-1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:0.*
1:0.10.0-1
1:0.17.0+dfsg-1
1:0.20.0+dfsg-1
1:0.21.0+dfsg-1
1:0.21.0+dfsg-1ubuntu0.1~esm1