Unrated severityNVD Advisory· Published Jun 11, 2025· Updated Jun 11, 2025

Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall

CVE-2025-0913

Description

os.OpenFile(path, os.O_CREATE|O_EXCL) behaved differently on Unix and Windows systems when the target path was a dangling symlink. On Unix systems, OpenFile with O_CREATE and O_EXCL flags never follows symlinks. On Windows, when the target path was a symlink to a nonexistent location, OpenFile would create a file in that location. OpenFile now always returns an error when the O_CREATE and O_EXCL flags are both set and the target path is a symlink.

Affected products

osv-coords69 versions
pkg:apk/chainguard/go-1.20 pkg:apk/chainguard/go-1.20-doc pkg:apk/chainguard/go-1.22 pkg:apk/chainguard/go-1.22-doc pkg:apk/chainguard/newrelic-fluent-bit-output pkg:apk/chainguard/newrelic-fluent-bit-output-compat pkg:apk/chainguard/nvidia-nsight-compute-12.8 pkg:apk/chainguard/nvidia-nsight-compute-12.9 pkg:apk/chainguard/nvidia-nsight-compute-13.0 pkg:apk/chainguard/nvidia-nsight-compute-13.1 pkg:apk/wolfi/go-1.20 pkg:apk/wolfi/go-1.20-doc pkg:apk/wolfi/go-1.22 pkg:apk/wolfi/go-1.22-doc pkg:apk/wolfi/newrelic-fluent-bit-output pkg:apk/wolfi/newrelic-fluent-bit-output-compat pkg:bitnami/golang pkg:rpm/opensuse/go1.23&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/go1.23&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/go1.23-openssl&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/go1.24&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/go1.24&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/go1.24-openssl&distro=openSUSE%20Leap%2015.6 pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweed pkg:rpm/opensuse/kubecolor&distro=openSUSE%20Tumbleweed pkg:rpm/suse/go1.23&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/go1.23&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/go1.23&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/go1.23&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/go1.23&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/go1.23&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/go1.23&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/go1.23&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/go1.23&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/go1.23&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/go1.23&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/go1.23&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/go1.23&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/go1.23&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 pkg:rpm/suse/go1.23-openssl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/go1.23-openssl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/go1.24&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Enterprise%20Storage%207.1 pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6 pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP7 pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3 pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 pkg:rpm/suse/go1.24-openssl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
< 1.20.14-r9+ 68 more
- (no CPE)range: < 1.20.14-r9
- (no CPE)range: < 1.20.14-r9
- (no CPE)range: < 1.22.12-r8
- (no CPE)range: < 1.22.12-r8
- (no CPE)range: < 2.4.0-r5
- (no CPE)range: < 2.4.0-r5
- (no CPE)range: < 2025.1.1.2-r7
- (no CPE)range: < 2025.2.1.3-r5
- (no CPE)range: < 2025.3.0.19-r2
- (no CPE)range: < 2025.4.1.2-r0
- (no CPE)range: < 1.20.14-r9
- (no CPE)range: < 1.20.14-r9
- (no CPE)range: < 1.22.12-r8
- (no CPE)range: < 1.22.12-r8
- (no CPE)range: < 2.4.0-r5
- (no CPE)range: < 2.4.0-r5
- (no CPE)range: < 1.23.10
- (no CPE)range: < 1.23.10-150000.1.34.1
- (no CPE)range: < 1.23.10-1.1
- (no CPE)range: < 1.23.12-150600.13.9.1
- (no CPE)range: < 1.24.4-150000.1.26.1
- (no CPE)range: < 1.24.4-1.1
- (no CPE)range: < 1.24.6-150600.13.9.1
- (no CPE)range: < 0.0.20250612T141001-1.1
- (no CPE)range: < 0.5.2-1.1
- (no CPE)range: < 1.23.10-150000.1.34.1
- (no CPE)range: < 1.23.10-150000.1.34.1
- (no CPE)range: < 1.23.10-150000.1.34.1
- (no CPE)range: < 1.23.10-150000.1.34.1
- (no CPE)range: < 1.23.10-150000.1.34.1
- (no CPE)range: < 1.23.10-150000.1.34.1
- (no CPE)range: < 1.23.10-150000.1.34.1
- (no CPE)range: < 1.23.10-150000.1.34.1
- (no CPE)range: < 1.23.10-150000.1.34.1
- (no CPE)range: < 1.23.10-150000.1.34.1
- (no CPE)range: < 1.23.10-150000.1.34.1
- (no CPE)range: < 1.23.10-150000.1.34.1
- (no CPE)range: < 1.23.10-150000.1.34.1
- (no CPE)range: < 1.23.10-150000.1.34.1
- (no CPE)range: < 1.23.12-150600.13.9.1
- (no CPE)range: < 1.23.12-150600.13.9.1
- (no CPE)range: < 1.24.4-150000.1.26.1
- (no CPE)range: < 1.24.4-150000.1.26.1
- (no CPE)range: < 1.24.4-150000.1.26.1
- (no CPE)range: < 1.24.4-150000.1.26.1
- (no CPE)range: < 1.24.4-150000.1.26.1
- (no CPE)range: < 1.24.4-150000.1.26.1
- (no CPE)range: < 1.24.4-150000.1.26.1
- (no CPE)range: < 1.24.4-150000.1.26.1
- (no CPE)range: < 1.24.4-150000.1.26.1
- (no CPE)range: < 1.24.4-150000.1.26.1
- (no CPE)range: < 1.24.4-150000.1.26.1
- (no CPE)range: < 1.24.4-150000.1.26.1
- (no CPE)range: < 1.24.4-150000.1.26.1
- (no CPE)range: < 1.24.4-150000.1.26.1
- (no CPE)range: < 1.24.4-150000.1.9.1
- (no CPE)range: < 1.24.4-150000.1.9.1
- (no CPE)range: < 1.24.4-150000.1.9.1
- (no CPE)range: < 1.24.4-150000.1.9.1
- (no CPE)range: < 1.24.4-150000.1.9.1
- (no CPE)range: < 1.24.4-150000.1.9.1
- (no CPE)range: < 1.24.6-150600.13.9.1
- (no CPE)range: < 1.24.6-150600.13.9.1
- (no CPE)range: < 1.24.4-150000.1.9.1
- (no CPE)range: < 1.24.4-150000.1.9.1
- (no CPE)range: < 1.24.4-150000.1.9.1
- (no CPE)range: < 1.24.4-150000.1.9.1
- (no CPE)range: < 1.24.4-150000.1.9.1
- (no CPE)range: < 1.24.4-150000.1.9.1
Go standard library/osv5
Range: 0
Go standard library/syscallv5
Range: 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

go.dev/cl/672396mitre
go.dev/issue/73702mitre
groups.google.com/g/golang-announce/c/ufZ8WpEsA3Amitre
pkg.go.dev/vuln/GO-2025-3750mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000