VYPR
High severityNVD Advisory· Published Aug 15, 2025· Updated Aug 15, 2025

HashiCorp go-getter Vulnerable to Arbitrary Read through Symlink Attack

CVE-2025-8959

Description

HashiCorp's go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/hashicorp/go-getterGo
< 1.7.91.7.9

Affected products

131

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.