Description

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

INFO

Published Date :

2025-06-11T17:17:25.606Z

Last Modified :

2025-06-11T17:37:52.111Z

Source :

Go
AFFECTED PRODUCTS

The following products are affected by CVE-2025-0913 vulnerability.

Vendors Products
Golang
  • Go
Microsoft
  • Windows
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-0913.

URL Resource
https://go.dev/cl/672396 cve-icon cve-icon
https://go.dev/issue/73702 cve-icon cve-icon
https://groups.google.com/g/golang-announce/c/ufZ8WpEsA3A cve-icon cve-icon
https://pkg.go.dev/vuln/GO-2025-3750 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact