VYPR
Unrated severityNVD Advisory· Published Oct 29, 2025· Updated Nov 4, 2025

Insufficient validation of bracketed IPv6 hostnames in net/url

CVE-2025-47912

Description

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3116

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.