Unrated severity · NVD Advisory · Published Jul 29, 2025 · Updated Nov 4, 2025
Unexpected command execution in untrusted VCS repositories in cmd/go
CVE-2025-4674
Description
The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS (e.g. Git), but contains metadata for another VCS (e.g. Mercurial). Modules which are retrieved using the go command line, i.e. via "go get", are not affected.
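The condition the description names, a checkout that holds metadata for more than one VCS, can be checked before any go command is run in an untrusted tree. The following is an added example, not cmd/go code and not part of the advisory; `MixedVCS` is a hypothetical helper, and the marker names are the conventional metadata entries of each VCS.

```go
package main

import (
	"fmt"
	"io/fs"
	"path/filepath"
	"sort"
)

// Conventional metadata entry names, mapped to the VCS they belong to.
var vcsMarkers = map[string]string{
	".git": "Git", ".hg": "Mercurial", ".svn": "Subversion",
	".bzr": "Bazaar", ".fslckout": "Fossil", "_FOSSIL_": "Fossil",
}

// MixedVCS walks root and returns the sorted VCS kinds found when the tree
// carries metadata for more than one VCS; nil means zero or one kind.
func MixedVCS(root string) ([]string, error) {
	seen := map[string]bool{}
	err := filepath.WalkDir(root, func(_ string, d fs.DirEntry, err error) error {
		if err != nil {
			return err
		}
		if kind, ok := vcsMarkers[d.Name()]; ok {
			seen[kind] = true
			if d.IsDir() {
				return filepath.SkipDir // do not descend into the metadata itself
			}
		}
		return nil
	})
	if err != nil || len(seen) < 2 {
		return nil, err
	}
	kinds := make([]string, 0, len(seen))
	for k := range seen {
		kinds = append(kinds, k)
	}
	sort.Strings(kinds)
	return kinds, nil
}

func main() {
	kinds, err := MixedVCS(".") // scan the current checkout
	fmt.Println("mixed VCS kinds:", kinds, "error:", err)
}
```

A non-empty result means the tree should be reviewed, or the foreign metadata removed, before the go command operates in it.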
Affected products
- Go toolchain/cmd/go · v5 · Range: 0