CVE-2025-61731
high
CVSS v3 Base Score
8.6
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS Score
0.0%
Exploitation probability in 30 days
Top 99% most likely to be exploited
Attack Characteristics
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Confidentiality
High
Integrity
High
Availability
High
Published: January 28, 2026 (106 days ago)
Last Modified: January 28, 2026
Vendor: Red Hat
Fix Available: ✓ Yes
Vulnerability Report
Generated by CyberWatcher
Description
Building a malicious file with cmd/go can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file supplies command-line arguments that are passed to the Go pkg-config command. An attacker can provide a "--log-file" argument to this directive, causing pkg-config to write to an attacker-controlled location.
CWE
CWE-88
Affected Products
OpenShift Service Mesh 3
Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9
Red Hat OpenShift Virtualization 4
Red Hat OpenShift Container Platform 4.2
Red Hat OpenShift Service Mesh 2.6