Low severity · OSV Advisory · Published Nov 20, 2025 · Updated Apr 15, 2026
CVE-2025-13425
Description
A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next() to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index out of range) and an application crash (denial of service) in OSV-SCALIBR.
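The failure mode described above, as an added Go example that is not OSV-SCALIBR's own code: `next` indexes the first element of a `ReadDir`-style result after checking only the error, and its guarded form treats an empty batch as end of directory. The names `batchReader`, `emptyNil`, `sampleDir`, `next` and `walk` are hypothetical, and the `(nil, nil)` result for an empty directory is a constructed stand-in for the condition in the description.

```go
package main

import (
	"fmt"
	"io"
	"io/fs"
	"testing/fstest"
)

type batchReader func(n int) ([]fs.DirEntry, error) // shape of fs.ReadDirFile.ReadDir

// emptyNil is a constructed source: an empty directory read as (nil, nil).
func emptyNil(int) ([]fs.DirEntry, error) { return nil, nil }

func sampleDir() batchReader {
	f, _ := fstest.MapFS{"d/a.txt": {}, "d/b.txt": {}}.Open("d") // constructed in-memory directory
	return f.(fs.ReadDirFile).ReadDir
}

// next returns one entry; guard=false keeps the unchecked index.
func next(read batchReader, guard bool) (fs.DirEntry, error) {
	list, err := read(1)
	if err != nil {
		return nil, err
	}
	if guard && len(list) == 0 {
		return nil, io.EOF // empty batch means end of directory
	}
	return list[0], nil // index out of range when list is empty
}

// walk drains the directory and reports a panic in next as an error.
func walk(read batchReader, guard bool) (names []string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("recovered: %v", r)
		}
	}()
	var e fs.DirEntry
	for e, err = next(read, guard); err == nil; e, err = next(read, guard) {
		names = append(names, e.Name())
	}
	return names, err // io.EOF marks a clean end
}

func main() {
	fmt.Println(walk(emptyNil, false)) // unchecked: recovered index-out-of-range panic
	fmt.Println(walk(emptyNil, true))  // guarded: clean io.EOF
}
```

In a scanner without the `recover` in `walk`, the unchecked path ends the whole process, which is the denial of service the advisory describes.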
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/google/osv-scalibr (Go) | < 0.3.4 | 0.3.4 |
Affected products (4)
- Range: v0.1.0, v0.1.1, v0.1.2, …
- ghsa-coords (3 versions), range: < 0.3.4 (+ 2 more)
  - pkg:golang/github.com/google/osv-scalibr
  - pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
- (no CPE), range: < 0.3.4
- (no CPE), range: < 0.0.20251209T172047-150000.1.127.1
- (no CPE), range: < 0.0.20251209T172047-150000.1.127.1