CVE-2025-61732

high

Red Hat

CVSS v3 Base Score

7.4

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Published: February 5, 2026

Last Modified: February 5, 2026

Vendor: Red Hat

Description

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

Affected Products

OpenShift Service Mesh 3Red Hat Enterprise Linux 9Red Hat OpenShift Virtualization 4Red Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

Fix Status

✅ Fix Available

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 go.dev 🔗 go.dev

CVE-2025-61732

Vulnerability Report

Description

Affected Products

Fix Status

References