CVE-2025-61732

high Red Hat
CVSS v3 Base Score
7.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.0%
Exploitation probability in 30 days
Top 100% most likely to be exploited
Attack Characteristics
Attack Vector
Network
Attack Complexity
High
Privileges Required
None
User Interaction
None
Confidentiality
High
Integrity
High
Availability
None
Published: February 5, 2026 (98 days ago)
Last Modified: February 5, 2026
Vendor: Red Hat
Fix Available: ✓ Yes

Description

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

Affected Products

OpenShift Service Mesh 3Red Hat Enterprise Linux 9Red Hat OpenShift Virtualization 4Red Hat Enterprise Linux 10Red Hat Enterprise Linux 10.0 Extended Update SupportRed Hat Enterprise Linux 8Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-OnRed Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support

Fix Status

✅ Fix Available

References

🔗 bugzilla.redhat.com 🔗 www.cve.org 🔗 nvd.nist.gov 🔗 go.dev 🔗 go.dev