Filesystem Traversal Vulnerability in OSV-SCALIBR by Google
CVE-2025-13425

CVSS v4 score: 1.9 (LOW)

Key Information:

Vendor
Google

CVE Published:
20 November 2025

What is CVE-2025-13425?

CVE-2025-13425 is a bug in the fallback path OSV-SCALIBR uses to iterate over directories while walking a filesystem. When ReadDir returns nil for an empty directory, the fallback code indexes into that slice without first checking its length. Because a nil slice has length zero in Go, the index is out of range and the program panics at runtime, crashing the scanner. The practical impact is a denial of service: a scan that hits an empty directory on an affected path aborts, and any application that embeds OSV-SCALIBR can be taken down with it. Note that "traversal" here refers to walking the filesystem during a scan, not to a path traversal (directory escape) flaw; consistent with the CVSS assessment below, there is no confidentiality or integrity impact. Upgrading to OSV-SCALIBR 0.3.4 or later removes the issue.
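The following Go program is an added illustration of the failure mode described above; it is not OSV-SCALIBR's own code and the helper names (firstEntryUnsafe, firstEntrySafe, panics, sampleFS) are assumptions made for the example. It builds a constructed in-memory filesystem with one populated and one empty directory, shows that indexing the result of ReadDir without a bounds check panics on the empty directory exactly as a nil or empty slice would in a real scan, and shows the hardened form that returns an error instead.

```go
package main

import (
	"errors"
	"fmt"
	"io/fs"
	"testing/fstest"
)

// ErrEmptyDir is returned by the hardened helper when a directory has no entries.
var ErrEmptyDir = errors.New("directory has no entries")

// firstEntryUnsafe models the vulnerable fallback: it assumes ReadDir returned
// at least one entry and indexes the slice directly. In Go a nil slice and an
// empty slice both have length 0, so entries[0] panics with
// "index out of range" for an empty directory either way.
// (Hypothetical helper, not OSV-SCALIBR's code.)
func firstEntryUnsafe(fsys fs.FS, dir string) (string, error) {
	entries, err := fs.ReadDir(fsys, dir)
	if err != nil {
		return "", err
	}
	return entries[0].Name(), nil // panics when len(entries) == 0
}

// firstEntrySafe is the hardened form: bounds-check before indexing and
// report an empty directory as an ordinary error instead of crashing.
func firstEntrySafe(fsys fs.FS, dir string) (string, error) {
	entries, err := fs.ReadDir(fsys, dir)
	if err != nil {
		return "", err
	}
	if len(entries) == 0 {
		return "", ErrEmptyDir
	}
	return entries[0].Name(), nil
}

// panics reports whether calling f triggers a runtime panic, so the crash
// can be observed without taking the whole process down.
func panics(f func()) (didPanic bool) {
	defer func() {
		if r := recover(); r != nil {
			didPanic = true
		}
	}()
	f()
	return false
}

// sampleFS is a constructed in-memory filesystem (not a real image or host):
// "pkg" holds one file, "empty" is a directory with no entries.
func sampleFS() fs.FS {
	return fstest.MapFS{
		"pkg/manifest.json": &fstest.MapFile{Data: []byte("{}")},
		"empty":             &fstest.MapFile{Mode: fs.ModeDir},
	}
}

func main() {
	fsys := sampleFS()
	fmt.Println("unsafe on pkg panics:  ", panics(func() { firstEntryUnsafe(fsys, "pkg") }))
	fmt.Println("unsafe on empty panics:", panics(func() { firstEntryUnsafe(fsys, "empty") }))
	name, err := firstEntrySafe(fsys, "empty")
	fmt.Printf("safe on empty: name=%q err=%v\n", name, err)
}
```

The recover wrapper is only there so the example can observe the panic; a scanner hitting this condition in production has no such guard and simply terminates, which is why an attacker who can place an empty directory in a location the scanner walks (a container image layer, a checked-out repository) gets a local denial of service.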

Affected Version(s)

OSV-SCALIBR < 0.3.4


CVSS v4

Score: 1.9
Severity: LOW
Confidentiality: None
Integrity: None
Availability: Low
Attack Vector: Local
Attack Complexity: Low
Attack Requirements: None
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published: 20 November 2025

  • Vulnerability reserved

Credit

Yuvraj Saxena