Security Advisory

CVE-2025-22873

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-02-04 23:05:24

Last updated 2026-02-05 15:03:55

Assigner Go

State PUBLISHED

Description

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.

← Browse all CVEs View on cve.org ↗