High severityNVD Advisory· Published Aug 15, 2025· Updated Aug 15, 2025
HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack
CVE-2025-8959
Description
HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/hashicorp/go-getterGo | < 1.7.9 | 1.7.9 |
Affected products
131- osv-coords130 versionspkg:apk/chainguard/chainctlpkg:apk/chainguard/cloudbeatpkg:apk/chainguard/cloudbeat-9.0pkg:apk/chainguard/cloudbeat-fipspkg:apk/chainguard/cloudbeat-fips-8.17pkg:apk/chainguard/cloudbeat-fips-9.0pkg:apk/chainguard/conftestpkg:apk/chainguard/conftest-fipspkg:apk/chainguard/docker-credential-cgrpkg:apk/chainguard/grypepkg:apk/chainguard/grype-dbpkg:apk/chainguard/grype-db-managerpkg:apk/chainguard/grype-fipspkg:apk/chainguard/k9spkg:apk/chainguard/k9s-fipspkg:apk/chainguard/kotspkg:apk/chainguard/kots-compatpkg:apk/chainguard/kots-symlink-compatpkg:apk/chainguard/kubescapepkg:apk/chainguard/opentofu-1.10pkg:apk/chainguard/opentofu-1.10-compatpkg:apk/chainguard/opentofu-1.10-local-provider-configpkg:apk/chainguard/opentofu-1.7pkg:apk/chainguard/opentofu-1.7-compatpkg:apk/chainguard/opentofu-1.7-local-provider-configpkg:apk/chainguard/opentofu-1.8pkg:apk/chainguard/opentofu-1.8-compatpkg:apk/chainguard/opentofu-1.8-local-provider-configpkg:apk/chainguard/opentofu-1.9pkg:apk/chainguard/opentofu-1.9-compatpkg:apk/chainguard/opentofu-1.9-local-provider-configpkg:apk/chainguard/opentofu-fips-1.10pkg:apk/chainguard/opentofu-fips-1.7pkg:apk/chainguard/opentofu-fips-1.9pkg:apk/chainguard/rancher-fleetpkg:apk/chainguard/rancher-fleet-agentpkg:apk/chainguard/rancher-fleet-agent-fipspkg:apk/chainguard/rancher-fleet-clipkg:apk/chainguard/rancher-fleet-cli-fipspkg:apk/chainguard/rancher-fleet-controllerpkg:apk/chainguard/rancher-fleet-controller-fipspkg:apk/chainguard/rancher-fleet-fipspkg:apk/chainguard/rancher-fleet-fips-agentpkg:apk/chainguard/rancher-fleet-termination-logpkg:apk/chainguard/snyk-clipkg:apk/chainguard/steampipepkg:apk/chainguard/syftpkg:apk/chainguard/syft-fipspkg:apk/chainguard/terraformpkg:apk/chainguard/terraform-1.10pkg:apk/chainguard/terraform-1.10-compatpkg:apk/chainguard/terraform-1.10-local-provider-configpkg:apk/chainguard/terraform-1.11pkg:apk/chainguard/terraform-1.11-compatpkg:apk/chainguard/terraform-1.11-local-provider-configpkg:apk/chainguard/terraform-1.12pkg:apk/chainguard/terraform-1.12-compatpkg:apk/chainguard/terraform-1.12-local-provider-configpkg:apk/chainguard/terraform-1.9pkg:apk/chainguard/terraform-1.9-compatpkg:apk/chainguard/terraform-1.9-local-provider-configpkg:apk/chainguard/terraform-fips-1.10pkg:apk/chainguard/terraform-fips-1.10-compatpkg:apk/chainguard/terraform-fips-1.10-local-provider-configpkg:apk/chainguard/terraform-fips-1.11pkg:apk/chainguard/terraform-fips-1.11-compatpkg:apk/chainguard/terraform-fips-1.11-local-provider-configpkg:apk/chainguard/terraform-fips-1.12pkg:apk/chainguard/terraform-fips-1.12-compatpkg:apk/chainguard/terraform-fips-1.12-local-provider-configpkg:apk/chainguard/terraform-fips-1.9pkg:apk/chainguard/terraform-fips-1.9-compatpkg:apk/chainguard/terraform-fips-1.9-local-provider-configpkg:apk/chainguard/terragruntpkg:apk/chainguard/terragrunt-docspkg:apk/chainguard/tflintpkg:apk/chainguard/tflint-compatpkg:apk/chainguard/tfsecpkg:apk/chainguard/trivypkg:apk/chainguard/trivy-fipspkg:apk/chainguard/trivy-operatorpkg:apk/chainguard/trivy-operator-fipspkg:apk/chainguard/wolfictlpkg:apk/chainguard/xeolpkg:apk/chainguard/xeol-compatpkg:apk/chainguard/xeol-fipspkg:apk/chainguard/zarfpkg:apk/chainguard/zotpkg:apk/wolfi/conftestpkg:apk/wolfi/grypepkg:apk/wolfi/k9spkg:apk/wolfi/kotspkg:apk/wolfi/kots-compatpkg:apk/wolfi/kots-symlink-compatpkg:apk/wolfi/kubescapepkg:apk/wolfi/opentofu-1.10pkg:apk/wolfi/opentofu-1.10-compatpkg:apk/wolfi/opentofu-1.10-local-provider-configpkg:apk/wolfi/opentofu-1.7pkg:apk/wolfi/opentofu-1.7-compatpkg:apk/wolfi/opentofu-1.7-local-provider-configpkg:apk/wolfi/opentofu-1.8pkg:apk/wolfi/opentofu-1.8-compatpkg:apk/wolfi/opentofu-1.8-local-provider-configpkg:apk/wolfi/opentofu-1.9pkg:apk/wolfi/opentofu-1.9-compatpkg:apk/wolfi/opentofu-1.9-local-provider-configpkg:apk/wolfi/rancher-fleetpkg:apk/wolfi/rancher-fleet-agentpkg:apk/wolfi/rancher-fleet-clipkg:apk/wolfi/rancher-fleet-controllerpkg:apk/wolfi/rancher-fleet-termination-logpkg:apk/wolfi/snyk-clipkg:apk/wolfi/steampipepkg:apk/wolfi/syftpkg:apk/wolfi/terraformpkg:apk/wolfi/terragruntpkg:apk/wolfi/terragrunt-docspkg:apk/wolfi/tflintpkg:apk/wolfi/tflint-compatpkg:apk/wolfi/tfsecpkg:apk/wolfi/trivypkg:apk/wolfi/trivy-operatorpkg:apk/wolfi/wolfictlpkg:apk/wolfi/xeolpkg:apk/wolfi/xeol-compatpkg:apk/wolfi/zarfpkg:apk/wolfi/zotpkg:golang/github.com/hashicorp/go-getterpkg:rpm/opensuse/terragrunt&distro=openSUSE%20Tumbleweed
< 0.2.126-r0+ 129 more
- (no CPE)range: < 0.2.126-r0
- (no CPE)range: < 9.1.2-r2
- (no CPE)range: < 9.0.8-r16
- (no CPE)range: < 9.1.2-r2
- (no CPE)range: < 8.17.10-r20
- (no CPE)range: < 9.0.8-r18
- (no CPE)range: < 0.62.0-r3
- (no CPE)range: < 0.62.0-r3
- (no CPE)range: < 0.2.126-r0
- (no CPE)range: < 0.98.0-r1
- (no CPE)range: < 0.38.0-r1
- (no CPE)range: < 0.38.0-r1
- (no CPE)range: < 0.98.0-r1
- (no CPE)range: < 0.50.9-r6
- (no CPE)range: < 0.50.9-r5
- (no CPE)range: < 1.126.0-r1
- (no CPE)range: < 1.126.0-r1
- (no CPE)range: < 1.126.0-r1
- (no CPE)range: < 3.0.38-r1
- (no CPE)range: < 1.10.5-r2
- (no CPE)range: < 1.10.5-r2
- (no CPE)range: < 1.10.5-r2
- (no CPE)range: < 1.7.10-r2
- (no CPE)range: < 1.7.10-r2
- (no CPE)range: < 1.7.10-r2
- (no CPE)range: < 1.8.11-r2
- (no CPE)range: < 1.8.11-r2
- (no CPE)range: < 1.8.11-r2
- (no CPE)range: < 1.9.3-r2
- (no CPE)range: < 1.9.3-r2
- (no CPE)range: < 1.9.3-r2
- (no CPE)range: < 1.10.5-r2
- (no CPE)range: < 1.7.10-r2
- (no CPE)range: < 1.9.3-r2
- (no CPE)range: < 0.13.0-r3
- (no CPE)range: < 0.13.0-r3
- (no CPE)range: < 0.13.0-r3
- (no CPE)range: < 0.13.0-r3
- (no CPE)range: < 0.13.0-r3
- (no CPE)range: < 0.13.0-r3
- (no CPE)range: < 0.13.0-r3
- (no CPE)range: < 0.13.0-r3
- (no CPE)range: < 0.13.0-r3
- (no CPE)range: < 0.13.0-r3
- (no CPE)range: < 1.1298.3-r1
- (no CPE)range: < 2.1.0-r4
- (no CPE)range: < 1.31.0-r1
- (no CPE)range: < 1.31.0-r1
- (no CPE)range: < 1.5.7-r47
- (no CPE)range: < 1.10.5-r12
- (no CPE)range: < 1.10.5-r12
- (no CPE)range: < 1.10.5-r12
- (no CPE)range: < 1.11.4-r7
- (no CPE)range: < 1.11.4-r7
- (no CPE)range: < 1.11.4-r7
- (no CPE)range: < 1.12.2-r4
- (no CPE)range: < 1.12.2-r4
- (no CPE)range: < 1.12.2-r4
- (no CPE)range: < 1.9.8-r17
- (no CPE)range: < 1.9.8-r17
- (no CPE)range: < 1.9.8-r17
- (no CPE)range: < 1.10.5-r13
- (no CPE)range: < 1.10.5-r13
- (no CPE)range: < 1.10.5-r13
- (no CPE)range: < 1.11.4-r7
- (no CPE)range: < 1.11.4-r7
- (no CPE)range: < 1.11.4-r7
- (no CPE)range: < 1.12.2-r3
- (no CPE)range: < 1.12.2-r3
- (no CPE)range: < 1.12.2-r3
- (no CPE)range: < 1.9.8-r17
- (no CPE)range: < 1.9.8-r17
- (no CPE)range: < 1.9.8-r17
- (no CPE)range: < 0.85.0-r1
- (no CPE)range: < 0.85.0-r1
- (no CPE)range: < 0.58.1-r3
- (no CPE)range: < 0.58.1-r3
- (no CPE)range: < 1.28.14-r5
- (no CPE)range: < 0.65.0-r3
- (no CPE)range: < 0.65.0-r3
- (no CPE)range: < 0.28.0-r1
- (no CPE)range: < 0.28.0-r3
- (no CPE)range: < 0.38.11-r1
- (no CPE)range: < 0.10.8-r12
- (no CPE)range: < 0.10.8-r12
- (no CPE)range: < 0.10.8-r12
- (no CPE)range: < 0.60.0-r2
- (no CPE)range: < 2.1.7-r3
- (no CPE)range: < 0.62.0-r3
- (no CPE)range: < 0.98.0-r1
- (no CPE)range: < 0.50.9-r6
- (no CPE)range: < 1.126.0-r1
- (no CPE)range: < 1.126.0-r1
- (no CPE)range: < 1.126.0-r1
- (no CPE)range: < 3.0.38-r1
- (no CPE)range: < 1.10.5-r2
- (no CPE)range: < 1.10.5-r2
- (no CPE)range: < 1.10.5-r2
- (no CPE)range: < 1.7.10-r2
- (no CPE)range: < 1.7.10-r2
- (no CPE)range: < 1.7.10-r2
- (no CPE)range: < 1.8.11-r2
- (no CPE)range: < 1.8.11-r2
- (no CPE)range: < 1.8.11-r2
- (no CPE)range: < 1.9.3-r2
- (no CPE)range: < 1.9.3-r2
- (no CPE)range: < 1.9.3-r2
- (no CPE)range: < 0.13.0-r3
- (no CPE)range: < 0.13.0-r3
- (no CPE)range: < 0.13.0-r3
- (no CPE)range: < 0.13.0-r3
- (no CPE)range: < 0.13.0-r3
- (no CPE)range: < 1.1298.3-r1
- (no CPE)range: < 2.1.0-r4
- (no CPE)range: < 1.31.0-r1
- (no CPE)range: < 1.5.7-r47
- (no CPE)range: < 0.85.0-r1
- (no CPE)range: < 0.85.0-r1
- (no CPE)range: < 0.58.1-r3
- (no CPE)range: < 0.58.1-r3
- (no CPE)range: < 1.28.14-r5
- (no CPE)range: < 0.65.0-r3
- (no CPE)range: < 0.28.0-r1
- (no CPE)range: < 0.38.11-r1
- (no CPE)range: < 0.10.8-r12
- (no CPE)range: < 0.10.8-r12
- (no CPE)range: < 0.60.0-r2
- (no CPE)range: < 2.1.7-r3
- (no CPE)range: < 1.7.9
- (no CPE)range: < 0.85.1-1.1
- HashiCorp/Shared libraryv5Range: 0
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-wjrx-6529-hcj3ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-8959ghsaADVISORY
- discuss.hashicorp.com/t/hcsec-2025-23-hashicorp-go-getter-vulnerable-to-arbitrary-read-through-symlink-attack/76242ghsaWEB
- github.com/hashicorp/go-getter/commit/87541b2501c00df5eaedea6acc61a2a4a4efa5b7ghsaWEB
- pkg.go.dev/vuln/GO-2025-3892ghsaWEB
News mentions
0No linked articles in our index yet.