High severity7.5NVD Advisory· Published Feb 6, 2025· Updated Apr 15, 2026
CVE-2025-22867
CVE-2025-22867
Description
On Darwin, building a Go module which contains CGO can trigger arbitrary code execution when using the Apple version of ld, due to usage of the @executable_path, @loader_path, or @rpath special values in a "#cgo LDFLAGS" directive. This issue only affected go1.24rc2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
8- osv-coords7 versionspkg:bitnami/golangpkg:rpm/opensuse/go1.24&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/go1.24&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/govulncheck-vulndb&distro=openSUSE%20Tumbleweedpkg:rpm/suse/go1.24&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP6pkg:rpm/suse/govulncheck-vulndb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP6
>= 1.24.0-rc.2, < 1.24.0-rc.3+ 6 more
- (no CPE)range: >= 1.24.0-rc.2, < 1.24.0-rc.3
- (no CPE)range: < 1.24rc3-150000.1.6.1
- (no CPE)range: < 1.24rc3-1.1
- (no CPE)range: < 0.0.20250207T224745-150000.1.32.1
- (no CPE)range: < 0.0.20250207T224745-1.1
- (no CPE)range: < 1.24rc3-150000.1.6.1
- (no CPE)range: < 0.0.20250207T224745-150000.1.32.1
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.