Directory Traversal Vulnerability in Go Programming Language
CVE-2025-22873

3.8LOW

Key Information:

Vendor: Go Standard Library
Status: Os
Vendor: CVE Published:; 4 February 2026

🔔 Create Go Standard Library Vulnerability Alert

Badges

📰 News Worthy

What is CVE-2025-22873?

This vulnerability allows unauthorized access to a parent directory of an os.Root by using a filename that ends with '../'. It poses risks as it could potentially expose sensitive information stored within the parent directory. However, this exploit is limited to accessing the direct parent directory only, and does not allow access to its ancestors or the files contained within.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

os 0 < 1.23.9

os 1.24.0-0 < 1.24.3

News Articles

Ubuntu

CVE-2025-22873

CVE-2025-22873 | Ubuntu

Ubuntu is an open source software operating system that runs from the desktop, to the cloud, to all your internet connected things.

References

https://go.dev/cl/670036

https://go.dev/issue/73555

https://groups.google.com/g/golang-announce/c/UZoIkUT367A...

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Feb 4, 2026
📰
First article discovered by Ubuntu
May 11, 2025
Vulnerability Reserved
Jan 8, 2025

Credit

Dan Sebastian Thrane of SDU eScience Center

JSON

Go Standard Library