vulnerability
Red Hat: CVE-2025-47906: os/exec: Unexpected paths returned from LookPath in os/exec (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 6 | (AV:N/AC:L/Au:N/C:P/I:N/A:P) | Sep 18, 2025 | Nov 14, 2025 | Jan 28, 2026 |
Severity
6
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:P)
Published
Sep 18, 2025
Added
Nov 14, 2025
Modified
Jan 28, 2026
Description
If the PATH environment variable contains paths which are executables (rather than just directories), passing certain strings to LookPath ("", ".", and ".."), can result in the binaries listed in the PATH being unexpectedly returned.
Solutions
redhat-upgrade-delveredhat-upgrade-delve-debuginforedhat-upgrade-delve-debugsourceredhat-upgrade-go-filesystemredhat-upgrade-go-rpm-macrosredhat-upgrade-go-rpm-macros-debuginforedhat-upgrade-go-rpm-macros-debugsourceredhat-upgrade-go-rpm-templatesredhat-upgrade-go-srpm-macrosredhat-upgrade-go-toolsetredhat-upgrade-golangredhat-upgrade-golang-binredhat-upgrade-golang-docsredhat-upgrade-golang-miscredhat-upgrade-golang-raceredhat-upgrade-golang-srcredhat-upgrade-golang-tests
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.