CVE-2025-47907
Last modified
CVE-2025-47907 is a high-severity vulnerability rated 7/10 on the CVSS scale. Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. EPSS estimates a 0.33% chance of exploitation in the next 30 days.
Description
Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.
Metrics
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Golang | Go | < 1.23.12 |
| Golang | Go | >= 1.24.0, < 1.24.6 |
References
- https://go.dev/issue/74831Issue Tracking, Third Party Advisory
- https://groups.google.com/g/golang-announce/c/x5MKroML2yMMailing List, Release Notes
- https://pkg.go.dev/vuln/GO-2025-3849Vendor Advisory
- http://www.openwall.com/lists/oss-security/2025/08/06/1Mailing List, Release Notes
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-47907?
How severe is CVE-2025-47907?
How do I fix CVE-2025-47907?
Are you affected by CVE-2025-47907?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST