vulnerability

SUSE: CVE-2025-47912: SUSE Linux Security Advisory

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:P/I:N/A:N)	Oct 11, 2025	Dec 5, 2025	Dec 5, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

Oct 11, 2025

Added

Dec 5, 2025

Modified

Dec 5, 2025

Description

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

Solutions

suse-upgrade-go1-24suse-upgrade-go1-24-docsuse-upgrade-go1-24-racesuse-upgrade-go1-25suse-upgrade-go1-25-docsuse-upgrade-go1-25-race

References

CVE-2025-47912
https://attackerkb.com/topics/CVE-2025-47912
SUSE-SUSE-SU-2025:03547-1
SUSE-SUSE-SU-2025:3682-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today