vulnerability

Alpine Linux: CVE-2025-47912: Vulnerability in Multiple Components

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Oct 29, 2025	Oct 31, 2025	Oct 31, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Oct 29, 2025

Added

Oct 31, 2025

Modified

Oct 31, 2025

Description

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

Solution

alpine-linux-upgrade-go

References

CVE-2025-47912
https://attackerkb.com/topics/CVE-2025-47912
URL-https://security.alpinelinux.org/vuln/CVE-2025-47912

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today