Security Advisory

CVE-2025-8959

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-08-15 20:32:52

Last updated 2025-08-15 20:46:06

Assigner HashiCorp

State PUBLISHED

Description

HashiCorps go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability, identified as CVE-2025-8959, is fixed in go-getter 1.7.9.

← Browse all CVEs View on cve.org ↗