CVE-2025-22873

Publication date

2026-02-04 23:05:24

Family

Go

State

PUBLISHED

Description

It was possible to improperly access the parent directory of an os.Root by opening a filename ending in "../". For example, Root.Open("../") would open the parent directory of the Root. This escape only permits opening the parent directory itself, not ancestors of the parent or files contained within the parent.