[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2025-0913":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T14:55:33.319Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":195,"aliases":196,"duplicate_of":9,"upstream":199,"downstream":200,"duplicates":223,"related":224,"reserved_at":9,"published_at":237,"modified_at":238,"state":239,"summary":240,"references_raw":249,"kevs":274,"epss":275,"epss_history":278,"metrics":524,"affected":532},"CVE-2025-0913","os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-59","Improper Link Resolution Before File Access ('Link Following')","The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.","weakness","Draft","Base","Medium",[20,101,162,191],{"id":21,"name":22,"techniques":23},"CAPEC-132","Symlink Attack",[24],{"id":25,"name":26,"tactics":27,"countermeasures":34},"T1547.009","Shortcut Modification",[28,31],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",[35,40,44,48,52,57,62,67,72,77,81,85,89,93,97],{"id":36,"name":37,"tactic":38},"D3-FA","File Analysis",{"name":39},"Detect",{"id":41,"name":42,"tactic":43},"D3-FIM","File Integrity Monitoring",{"name":39},{"id":45,"name":46,"tactic":47},"D3-DA","Dynamic Analysis",{"name":39},{"id":49,"name":50,"tactic":51},"D3-EFA","Emulated File Analysis",{"name":39},{"id":53,"name":54,"tactic":55},"D3-FEV","File Eviction",{"name":56},"Evict",{"id":58,"name":59,"tactic":60},"D3-DF","Decoy File",{"name":61},"Deceive",{"id":63,"name":64,"tactic":65},"D3-FE","File Encryption",{"name":66},"Harden",{"id":68,"name":69,"tactic":70},"D3-RF","Restore File",{"name":71},"Restore",{"id":73,"name":74,"tactic":75},"D3-CF","Content Filtering",{"name":76},"Isolate",{"id":78,"name":79,"tactic":80},"D3-LFP","Local File Permissions",{"name":76},{"id":82,"name":83,"tactic":84},"D3-RFAM","Remote File Access Mediation",{"name":76},{"id":86,"name":87,"tactic":88},"D3-CQ","Content Quarantine",{"name":76},{"id":90,"name":91,"tactic":92},"D3-CM","Content Modification",{"name":76},{"id":94,"name":95,"tactic":96},"D3-EAL","Executable Allowlisting",{"name":76},{"id":98,"name":99,"tactic":100},"D3-EDL","Executable Denylisting",{"name":76},{"id":102,"name":103,"techniques":104},"CAPEC-17","Using Malicious Files",[105,142],{"id":106,"name":107,"tactics":108,"countermeasures":120},"T1574.005","Executable Installer File Permissions Weakness",[109,110,111,114,117],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},"TA0030","Defense Evasion",{"id":115,"name":116},"TA0005","Stealth",{"id":118,"name":119},"TA0104","Execution",[121,126,130,134,138],{"id":122,"name":123,"tactic":124},"D3-SWI","Software Inventory",{"name":125},"Model",{"id":127,"name":128,"tactic":129},"D3-AVE","Asset Vulnerability Enumeration",{"name":125},{"id":131,"name":132,"tactic":133},"D3-SBV","Service Binary Verification",{"name":39},{"id":135,"name":136,"tactic":137},"D3-SU","Software Update",{"name":66},{"id":139,"name":140,"tactic":141},"D3-RS","Restore Software",{"name":71},{"id":143,"name":144,"tactics":145,"countermeasures":151},"T1574.010","Services File Permissions Weakness",[146,147,148,149,150],{"id":29,"name":30},{"id":32,"name":33},{"id":112,"name":113},{"id":115,"name":116},{"id":118,"name":119},[152,154,156,158,160],{"id":122,"name":123,"tactic":153},{"name":125},{"id":127,"name":128,"tactic":155},{"name":125},{"id":131,"name":132,"tactic":157},{"name":39},{"id":135,"name":136,"tactic":159},{"name":66},{"id":139,"name":140,"tactic":161},{"name":71},{"id":163,"name":164,"techniques":165},"CAPEC-35","Leverage Executable Code in Non-Executable Files",[166,173,180],{"id":167,"name":168,"tactics":169,"countermeasures":172},"T1027.006","HTML Smuggling",[170,171],{"id":112,"name":113},{"id":115,"name":116},[],{"id":174,"name":175,"tactics":176,"countermeasures":179},"T1027.009","Embedded Payloads",[177,178],{"id":112,"name":113},{"id":115,"name":116},[],{"id":181,"name":182,"tactics":183,"countermeasures":186},"T1564.009","Resource Forking",[184,185],{"id":112,"name":113},{"id":115,"name":116},[187],{"id":188,"name":189,"tactic":190},"D3-FFV","File Format Verification",{"name":76},{"id":192,"name":193,"techniques":194},"CAPEC-76","Manipulating Web Input to File System Calls",[],[],[197,198],"GO-2025-3750","BIT-golang-2025-0913",[],[201,203,205,207,209,211,213,215,217,219,221],{"_key":202},"SUSE-SU-2025:01846-1",{"_key":204},"SUSE-SU-2025:01848-1",{"_key":206},"SUSE-SU-2025:03158-1",{"_key":208},"SUSE-SU-2025:03159-1",{"_key":210},"SUSE-SU-2025:02120-1",{"_key":212},"OPENSUSE-SU-2025:15223-1",{"_key":214},"OPENSUSE-SU-2025:15224-1",{"_key":216},"OPENSUSE-SU-2025:15225-1",{"_key":218},"OPENSUSE-SU-2025:15586-1",{"_key":220},"MGASA-2025-0184",{"_key":222},"UBUNTU-CVE-2025-0913",[],[225,226,227,228,229,230,231,232,233,234,235],{"_key":202},{"_key":204},{"_key":206},{"_key":208},{"_key":210},{"_key":212},{"_key":214},{"_key":216},{"_key":218},{"_key":220},{"_key":236},"CGA-455F-G86X-5PHG","2025-06-11T17:17:25.606Z","2025-06-11T17:37:52.111Z","Analyzed",{"cisa_kev":241,"cisa_ransomware":241,"cisa_vendor":9,"epss_severity":242,"epss_score":243,"severity":244,"severity_score":245,"severity_version":246,"severity_source":247,"severity_vector":248,"severity_status":239},false,"low",0.0004,"medium",5.5,"v3.1","cve.org","CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",[250,258,263,269],{"url":251,"sources":252,"tags":255},"https://go.dev/cl/672396",[247,253,254],"nvd","osv_go",[256,257],"Issue Tracking","FIX",{"url":259,"sources":260,"tags":261},"https://go.dev/issue/73702",[247,253,254],[256,262],"REPORT",{"url":264,"sources":265,"tags":266},"https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A",[247,253,254],[267,268],"Mailing List","WEB",{"url":270,"sources":271,"tags":272},"https://pkg.go.dev/vuln/GO-2025-3750",[247,253],[273],"Vendor Advisory",[],{"date":276,"score":243,"percentile":277},"2026-06-04",0.12309,[279,283,286,289,292,296,299,301,304,307,309,311,314,316,318,322,326,329,332,334,336,339,342,345,348,351,354,357,360,362,365,368,371,374,376,379,382,385,388,391,393,396,399,402,405,408,410,412,414,416,419,422,424,427,429,431,434,436,438,440,442,445,447,451,454,457,460,463,466,468,471,474,477,479,481,484,487,489,491,493,495,498,501,504,506,509,512,515,518,521],{"date":280,"score":281,"percentile":282},"2025-11-04",0.00008,0.00449,{"date":284,"score":281,"percentile":285},"2025-11-05",0.00448,{"date":287,"score":281,"percentile":288},"2025-11-06",0.00451,{"date":290,"score":281,"percentile":291},"2025-11-07",0.0045,{"date":293,"score":294,"percentile":295},"2025-11-08",0.00007,0.00414,{"date":297,"score":294,"percentile":298},"2025-11-09",0.00413,{"date":300,"score":294,"percentile":298},"2025-11-10",{"date":302,"score":294,"percentile":303},"2025-11-11",0.00412,{"date":305,"score":294,"percentile":306},"2025-11-12",0.00408,{"date":308,"score":294,"percentile":306},"2025-11-13",{"date":310,"score":294,"percentile":306},"2025-11-14",{"date":312,"score":294,"percentile":313},"2025-11-15",0.00409,{"date":315,"score":294,"percentile":313},"2025-11-16",{"date":317,"score":294,"percentile":306},"2025-11-17",{"date":319,"score":320,"percentile":321},"2025-11-18",0.00032,0.05127,{"date":323,"score":324,"percentile":325},"2025-11-19",0.00036,0.06228,{"date":327,"score":324,"percentile":328},"2025-11-20",0.06263,{"date":330,"score":281,"percentile":331},"2025-11-21",0.00506,{"date":333,"score":281,"percentile":331},"2025-11-22",{"date":335,"score":281,"percentile":331},"2025-11-23",{"date":337,"score":281,"percentile":338},"2025-11-24",0.00504,{"date":340,"score":281,"percentile":341},"2025-11-25",0.00503,{"date":343,"score":281,"percentile":344},"2025-11-26",0.00501,{"date":346,"score":281,"percentile":347},"2025-11-27",0.005,{"date":349,"score":281,"percentile":350},"2025-11-28",0.00505,{"date":352,"score":281,"percentile":353},"2025-11-29",0.00512,{"date":355,"score":281,"percentile":356},"2025-11-30",0.00513,{"date":358,"score":281,"percentile":359},"2025-12-01",0.00514,{"date":361,"score":281,"percentile":356},"2025-12-02",{"date":363,"score":281,"percentile":364},"2025-12-03",0.00516,{"date":366,"score":281,"percentile":367},"2025-12-04",0.00519,{"date":369,"score":281,"percentile":370},"2025-12-05",0.00525,{"date":372,"score":281,"percentile":373},"2025-12-06",0.00524,{"date":375,"score":281,"percentile":373},"2025-12-07",{"date":377,"score":281,"percentile":378},"2025-12-08",0.00528,{"date":380,"score":281,"percentile":381},"2025-12-09",0.00542,{"date":383,"score":281,"percentile":384},"2025-12-10",0.00544,{"date":386,"score":281,"percentile":387},"2025-12-11",0.00547,{"date":389,"score":281,"percentile":390},"2025-12-12",0.00553,{"date":392,"score":281,"percentile":390},"2025-12-13",{"date":394,"score":281,"percentile":395},"2025-12-14",0.00552,{"date":397,"score":281,"percentile":398},"2025-12-15",0.00549,{"date":400,"score":281,"percentile":401},"2025-12-16",0.0055,{"date":403,"score":281,"percentile":404},"2025-12-17",0.00554,{"date":406,"score":281,"percentile":407},"2025-12-18",0.00551,{"date":409,"score":281,"percentile":401},"2025-12-19",{"date":411,"score":281,"percentile":401},"2025-12-20",{"date":413,"score":281,"percentile":401},"2025-12-21",{"date":415,"score":281,"percentile":390},"2025-12-22",{"date":417,"score":281,"percentile":418},"2025-12-23",0.00555,{"date":420,"score":281,"percentile":421},"2025-12-24",0.00556,{"date":423,"score":281,"percentile":421},"2025-12-25",{"date":425,"score":281,"percentile":426},"2025-12-26",0.00558,{"date":428,"score":281,"percentile":421},"2025-12-27",{"date":430,"score":281,"percentile":426},"2025-12-28",{"date":432,"score":281,"percentile":433},"2025-12-29",0.00557,{"date":435,"score":281,"percentile":418},"2025-12-30",{"date":437,"score":281,"percentile":407},"2025-12-31",{"date":439,"score":281,"percentile":390},"2026-01-01",{"date":441,"score":281,"percentile":426},"2026-01-02",{"date":443,"score":281,"percentile":444},"2026-01-03",0.00559,{"date":446,"score":281,"percentile":398},"2026-01-04",{"date":448,"score":449,"percentile":450},"2026-01-05",0.00009,0.00716,{"date":452,"score":449,"percentile":453},"2026-01-06",0.00713,{"date":455,"score":449,"percentile":456},"2026-01-07",0.00711,{"date":458,"score":449,"percentile":459},"2026-01-08",0.00717,{"date":461,"score":449,"percentile":462},"2026-01-09",0.00724,{"date":464,"score":449,"percentile":465},"2026-01-10",0.00727,{"date":467,"score":449,"percentile":465},"2026-01-11",{"date":469,"score":449,"percentile":470},"2026-01-12",0.00725,{"date":472,"score":449,"percentile":473},"2026-01-13",0.00723,{"date":475,"score":449,"percentile":476},"2026-01-14",0.00722,{"date":478,"score":449,"percentile":470},"2026-01-15",{"date":480,"score":449,"percentile":470},"2026-01-16",{"date":482,"score":449,"percentile":483},"2026-01-17",0.00726,{"date":485,"score":449,"percentile":486},"2026-01-18",0.00729,{"date":488,"score":449,"percentile":465},"2026-01-19",{"date":490,"score":449,"percentile":462},"2026-01-20",{"date":492,"score":449,"percentile":476},"2026-01-21",{"date":494,"score":449,"percentile":462},"2026-01-22",{"date":496,"score":449,"percentile":497},"2026-01-23",0.00733,{"date":499,"score":449,"percentile":500},"2026-01-24",0.00739,{"date":502,"score":449,"percentile":503},"2026-01-25",0.0074,{"date":505,"score":449,"percentile":503},"2026-01-26",{"date":507,"score":449,"percentile":508},"2026-01-27",0.00744,{"date":510,"score":449,"percentile":511},"2026-01-28",0.00741,{"date":513,"score":449,"percentile":514},"2026-01-29",0.00742,{"date":516,"score":449,"percentile":517},"2026-01-30",0.00752,{"date":519,"score":449,"percentile":520},"2026-01-31",0.00758,{"date":522,"score":449,"percentile":523},"2026-02-01",0.00764,[525,530],{"source":247,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":526,"cvss_v4_0":9},{"baseScore":245,"baseSeverity":527,"vectorString":248,"impactScore":528,"exploitabilityScore":529},"MEDIUM",6,4.6,{"source":253,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":531,"cvss_v4_0":9},{"baseScore":245,"baseSeverity":527,"vectorString":248,"impactScore":528,"exploitabilityScore":529},[533,548,553,563],{"ecosystem":9,"name":534,"vendor":535,"product":534,"cpe_part":536,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":537},"os","go standard library","a",[538,543],{"version":539,"is_range":540,"range_type":247,"version_start":9,"version_start_type":9,"version_end":541,"version_end_type":542,"fixed_in":9},"\u003C 1.23.10",true,"1.23.10","excluding",{"version":544,"is_range":540,"range_type":247,"version_start":545,"version_start_type":546,"version_end":547,"version_end_type":542,"fixed_in":9},">= 1.24.0-0, \u003C 1.24.4","1.24.0-0","including","1.24.4",{"ecosystem":9,"name":549,"vendor":535,"product":549,"cpe_part":536,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":550},"syscall",[551,552],{"version":539,"is_range":540,"range_type":247,"version_start":9,"version_start_type":9,"version_end":541,"version_end_type":542,"fixed_in":9},{"version":544,"is_range":540,"range_type":247,"version_start":545,"version_start_type":546,"version_end":547,"version_end_type":542,"fixed_in":9},{"ecosystem":9,"name":554,"vendor":555,"product":554,"cpe_part":536,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":556},"go","golang",[557,560],{"version":558,"is_range":540,"range_type":559,"version_start":9,"version_start_type":9,"version_end":541,"version_end_type":542,"fixed_in":9},"lt1.23.10","cpe",{"version":561,"is_range":540,"range_type":559,"version_start":562,"version_start_type":546,"version_end":547,"version_end_type":542,"fixed_in":9},"gte1.24.0_lt1.24.4","1.24.0",{"ecosystem":564,"name":565,"vendor":564,"product":565,"cpe_part":9,"purl_type":555,"purl_namespace":9,"purl_name":565,"source":9,"versions":566},"Go","stdlib",[567],{"version":568,"is_range":540,"range_type":569,"version_start":545,"version_start_type":546,"version_end":547,"version_end_type":542,"fixed_in":9},"gte1_24_0_0_lt1_24_4","semver"]