Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-61732

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

Published

2026-02-05T04:15:50.873

Last Modified

2026-02-10T15:17:26.930

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 8.6 (HIGH)

Weaknesses

Type: Secondary
CWE-94

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	golang	go	< 1.24.13	Yes
Application	golang	go	< 1.25.7	Yes

References

https://go.dev/cl/734220 Patch, Product ([email protected])
https://go.dev/issue/76697 Issue Tracking, Vendor Advisory ([email protected])
https://groups.google.com/g/golang-announce/c/K09ubi9FQFk Mailing List, Release Notes ([email protected])
https://pkg.go.dev/vuln/GO-2026-4433 Vendor Advisory, Patch ([email protected])