CVE-2025-61732

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.
References
Link Resource
https://go.dev/cl/734220 Patch Product
https://go.dev/issue/76697 Issue Tracking Vendor Advisory
https://groups.google.com/g/golang-announce/c/K09ubi9FQFk Mailing List Release Notes
https://pkg.go.dev/vuln/GO-2026-4433 Patch Vendor Advisory
https://access.redhat.com/errata/RHSA-2026:10104
https://access.redhat.com/errata/RHSA-2026:12282
https://access.redhat.com/errata/RHSA-2026:14100
https://access.redhat.com/errata/RHSA-2026:14774
https://access.redhat.com/errata/RHSA-2026:15091
https://access.redhat.com/errata/RHSA-2026:21691
https://access.redhat.com/errata/RHSA-2026:2706
https://access.redhat.com/errata/RHSA-2026:2708
https://access.redhat.com/errata/RHSA-2026:2709
https://access.redhat.com/errata/RHSA-2026:2844
https://access.redhat.com/errata/RHSA-2026:3192
https://access.redhat.com/errata/RHSA-2026:3193
https://access.redhat.com/errata/RHSA-2026:3468
https://access.redhat.com/errata/RHSA-2026:3469
https://access.redhat.com/errata/RHSA-2026:3470
https://access.redhat.com/errata/RHSA-2026:3471
https://access.redhat.com/errata/RHSA-2026:3472
https://access.redhat.com/errata/RHSA-2026:3473
https://access.redhat.com/errata/RHSA-2026:3489
https://access.redhat.com/errata/RHSA-2026:3556
https://access.redhat.com/errata/RHSA-2026:3559
https://access.redhat.com/errata/RHSA-2026:3855
https://access.redhat.com/errata/RHSA-2026:4434
https://access.redhat.com/errata/RHSA-2026:5133
https://access.redhat.com/errata/RHSA-2026:5907
https://access.redhat.com/errata/RHSA-2026:5948
https://access.redhat.com/errata/RHSA-2026:5950
https://access.redhat.com/errata/RHSA-2026:5952
https://access.redhat.com/errata/RHSA-2026:7291
https://access.redhat.com/errata/RHSA-2026:7385
https://access.redhat.com/errata/RHSA-2026:8448
https://access.redhat.com/security/cve/CVE-2025-61732
https://bugzilla.redhat.com/show_bug.cgi?id=2437016
https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61732.json
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

History

30 Jun 2026, 03:16

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2026:10104 -
  • () https://access.redhat.com/errata/RHSA-2026:12282 -
  • () https://access.redhat.com/errata/RHSA-2026:14100 -
  • () https://access.redhat.com/errata/RHSA-2026:14774 -
  • () https://access.redhat.com/errata/RHSA-2026:15091 -
  • () https://access.redhat.com/errata/RHSA-2026:21691 -
  • () https://access.redhat.com/errata/RHSA-2026:2706 -
  • () https://access.redhat.com/errata/RHSA-2026:2708 -
  • () https://access.redhat.com/errata/RHSA-2026:2709 -
  • () https://access.redhat.com/errata/RHSA-2026:2844 -
  • () https://access.redhat.com/errata/RHSA-2026:3192 -
  • () https://access.redhat.com/errata/RHSA-2026:3193 -
  • () https://access.redhat.com/errata/RHSA-2026:3468 -
  • () https://access.redhat.com/errata/RHSA-2026:3469 -
  • () https://access.redhat.com/errata/RHSA-2026:3470 -
  • () https://access.redhat.com/errata/RHSA-2026:3471 -
  • () https://access.redhat.com/errata/RHSA-2026:3472 -
  • () https://access.redhat.com/errata/RHSA-2026:3473 -
  • () https://access.redhat.com/errata/RHSA-2026:3489 -
  • () https://access.redhat.com/errata/RHSA-2026:3556 -
  • () https://access.redhat.com/errata/RHSA-2026:3559 -
  • () https://access.redhat.com/errata/RHSA-2026:3855 -
  • () https://access.redhat.com/errata/RHSA-2026:4434 -
  • () https://access.redhat.com/errata/RHSA-2026:5133 -
  • () https://access.redhat.com/errata/RHSA-2026:5907 -
  • () https://access.redhat.com/errata/RHSA-2026:5948 -
  • () https://access.redhat.com/errata/RHSA-2026:5950 -
  • () https://access.redhat.com/errata/RHSA-2026:5952 -
  • () https://access.redhat.com/errata/RHSA-2026:7291 -
  • () https://access.redhat.com/errata/RHSA-2026:7385 -
  • () https://access.redhat.com/errata/RHSA-2026:8448 -
  • () https://access.redhat.com/security/cve/CVE-2025-61732 -
  • () https://bugzilla.redhat.com/show_bug.cgi?id=2437016 -
  • () https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61732.json -

17 Jun 2026, 09:50

Type Values Removed Values Added
Summary
  • (es) Una discrepancia entre cómo se analizaban los comentarios de Go y C/C++ permitió el contrabando de código en el binario cgo resultante.
References () https://pkg.go.dev/vuln/GO-2026-4433 - Vendor Advisory, Patch () https://pkg.go.dev/vuln/GO-2026-4433 - Patch, Vendor Advisory

10 Feb 2026, 15:17

Type Values Removed Values Added
First Time Golang go
Golang
CPE cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
References () https://go.dev/cl/734220 - () https://go.dev/cl/734220 - Patch, Product
References () https://go.dev/issue/76697 - () https://go.dev/issue/76697 - Issue Tracking, Vendor Advisory
References () https://groups.google.com/g/golang-announce/c/K09ubi9FQFk - () https://groups.google.com/g/golang-announce/c/K09ubi9FQFk - Mailing List, Release Notes
References () https://pkg.go.dev/vuln/GO-2026-4433 - () https://pkg.go.dev/vuln/GO-2026-4433 - Vendor Advisory, Patch

05 Feb 2026, 15:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.6
CWE CWE-94

05 Feb 2026, 04:15

Type Values Removed Values Added
New CVE

Information

Published : 2026-02-05 04:15

Updated : 2026-06-30 03:16


NVD link : CVE-2025-61732

Mitre link : CVE-2025-61732

CVE.ORG link : CVE-2025-61732


JSON object : View

Products Affected

golang

  • go
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')