Red Hat Security Advisory: go-toolset:rhel8 security update
This advisory addresses two security vulnerabilities in the Go Toolset provided by Red Hat for Red Hat Enterprise Linux 8. 2 AUS. The first vulnerability (CVE-2025-47906) involves unexpected paths returned from the LookPath function in the os/exec package. The second vulnerability (CVE-2025-58183) concerns unbounded memory allocation when parsing GNU sparse maps in the archive/tar package. Red Hat has released an update to fix these issues, rated with moderate security impact. No known exploits are reported in the wild. Users of affected Red Hat Enterprise Linux 8. 2 AUS systems should apply the provided update to remediate these vulnerabilities.
AI Analysis
Technical Summary
The Red Hat security advisory RHSA-2025:23740 reports two vulnerabilities in the Go Toolset for Red Hat Enterprise Linux 8.2 AUS. CVE-2025-47906 is related to the os/exec package where LookPath may return unexpected paths, potentially leading to security concerns. CVE-2025-58183 involves the archive/tar package where parsing GNU sparse maps can cause unbounded memory allocation, which may lead to resource exhaustion. Red Hat has issued updated packages to address these vulnerabilities. The advisory rates the security impact as moderate and provides references for patch application. No CVSS scores are provided in the advisory, and no exploits are known in the wild.
Potential Impact
The vulnerabilities could lead to unexpected behavior in path resolution (CVE-2025-47906) and excessive memory allocation (CVE-2025-58183) when processing certain inputs in the Go Toolset. These issues may affect applications built with or using the Go Toolset on Red Hat Enterprise Linux 8.2 AUS. The overall security impact is rated moderate by Red Hat. There are no reports of active exploitation in the wild at this time.
Mitigation Recommendations
Red Hat has released updated packages for the Go Toolset in Red Hat Enterprise Linux 8.2 AUS that address these vulnerabilities. Users should apply the security update as detailed in Red Hat advisory RHSA-2025:23740 and the referenced article https://access.redhat.com/articles/11258 to remediate the issues. Since this is not a cloud service, remediation requires applying the vendor-provided update. No additional mitigation steps are specified or required beyond applying the official update.
Red Hat Security Advisory: go-toolset:rhel8 security update
Description
This advisory addresses two security vulnerabilities in the Go Toolset provided by Red Hat for Red Hat Enterprise Linux 8. 2 AUS. The first vulnerability (CVE-2025-47906) involves unexpected paths returned from the LookPath function in the os/exec package. The second vulnerability (CVE-2025-58183) concerns unbounded memory allocation when parsing GNU sparse maps in the archive/tar package. Red Hat has released an update to fix these issues, rated with moderate security impact. No known exploits are reported in the wild. Users of affected Red Hat Enterprise Linux 8. 2 AUS systems should apply the provided update to remediate these vulnerabilities.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Red Hat security advisory RHSA-2025:23740 reports two vulnerabilities in the Go Toolset for Red Hat Enterprise Linux 8.2 AUS. CVE-2025-47906 is related to the os/exec package where LookPath may return unexpected paths, potentially leading to security concerns. CVE-2025-58183 involves the archive/tar package where parsing GNU sparse maps can cause unbounded memory allocation, which may lead to resource exhaustion. Red Hat has issued updated packages to address these vulnerabilities. The advisory rates the security impact as moderate and provides references for patch application. No CVSS scores are provided in the advisory, and no exploits are known in the wild.
Potential Impact
The vulnerabilities could lead to unexpected behavior in path resolution (CVE-2025-47906) and excessive memory allocation (CVE-2025-58183) when processing certain inputs in the Go Toolset. These issues may affect applications built with or using the Go Toolset on Red Hat Enterprise Linux 8.2 AUS. The overall security impact is rated moderate by Red Hat. There are no reports of active exploitation in the wild at this time.
Mitigation Recommendations
Red Hat has released updated packages for the Go Toolset in Red Hat Enterprise Linux 8.2 AUS that address these vulnerabilities. Users should apply the security update as detailed in Red Hat advisory RHSA-2025:23740 and the referenced article https://access.redhat.com/articles/11258 to remediate the issues. Since this is not a cloud service, remediation requires applying the vendor-provided update. No additional mitigation steps are specified or required beyond applying the official update.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:23740
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-58183"]
- Cvss Version
- null
Threat ID: 6a160974e29bf47b5063d569
Added to database: 5/26/2026, 8:58:28 PM
Last enriched: 5/27/2026, 12:19:45 AM
Last updated: 5/27/2026, 4:54:43 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.