Description

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

INFO

Published Date :

2025-10-29T22:10:13.435Z

Last Modified :

2025-11-04T21:10:57.384Z

Source :

Go
AFFECTED PRODUCTS

The following products are affected by CVE-2025-47912 vulnerability.

Vendors Products
Golang
  • Net
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2025-47912.

URL Resource
https://go.dev/cl/709857 cve-icon cve-icon
https://go.dev/issue/75678 cve-icon cve-icon
https://groups.google.com/g/golang-announce/c/4Emdl2iQ_bI cve-icon cve-icon
https://pkg.go.dev/vuln/GO-2025-4010 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact