Red Hat Security Advisory: go-toolset:rhel8 security update
Two moderate severity vulnerabilities affecting the Go Toolset in Red Hat Enterprise Linux 8. 4 have been addressed. CVE-2025-47906 involves unexpected paths returned from the LookPath function in the os/exec package. CVE-2025-58183 concerns unbounded memory allocation when parsing GNU sparse maps in the archive/tar package. These issues could potentially lead to unexpected behavior or resource exhaustion. Red Hat has released security updates for the affected packages to remediate these vulnerabilities.
AI Analysis
Technical Summary
The Red Hat go-toolset for RHEL 8.4 includes fixes for two security vulnerabilities: CVE-2025-47906, where the os/exec package's LookPath function returns unexpected paths, potentially causing incorrect command execution paths; and CVE-2025-58183, where the archive/tar package can perform unbounded memory allocation when parsing GNU sparse maps, leading to possible resource exhaustion. These vulnerabilities have been rated as moderate severity by Red Hat Product Security. The advisory references updated packages and provides instructions for applying the security update.
Potential Impact
The vulnerabilities may cause unexpected behavior in Go programs relying on os/exec LookPath, potentially leading to incorrect path resolution. The unbounded allocation issue in archive/tar could result in excessive memory consumption, impacting system stability or availability. No known exploits are reported in the wild. The impact is considered moderate by Red Hat.
Mitigation Recommendations
Red Hat has issued official security updates for the go-toolset packages in RHEL 8.4 to address these vulnerabilities. Users should apply the provided updates as detailed in the Red Hat advisory (RHSA-2025:23741) and the referenced article https://access.redhat.com/articles/11258. No additional mitigations are indicated or required beyond applying the official patches.
Red Hat Security Advisory: go-toolset:rhel8 security update
Description
Two moderate severity vulnerabilities affecting the Go Toolset in Red Hat Enterprise Linux 8. 4 have been addressed. CVE-2025-47906 involves unexpected paths returned from the LookPath function in the os/exec package. CVE-2025-58183 concerns unbounded memory allocation when parsing GNU sparse maps in the archive/tar package. These issues could potentially lead to unexpected behavior or resource exhaustion. Red Hat has released security updates for the affected packages to remediate these vulnerabilities.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Red Hat go-toolset for RHEL 8.4 includes fixes for two security vulnerabilities: CVE-2025-47906, where the os/exec package's LookPath function returns unexpected paths, potentially causing incorrect command execution paths; and CVE-2025-58183, where the archive/tar package can perform unbounded memory allocation when parsing GNU sparse maps, leading to possible resource exhaustion. These vulnerabilities have been rated as moderate severity by Red Hat Product Security. The advisory references updated packages and provides instructions for applying the security update.
Potential Impact
The vulnerabilities may cause unexpected behavior in Go programs relying on os/exec LookPath, potentially leading to incorrect path resolution. The unbounded allocation issue in archive/tar could result in excessive memory consumption, impacting system stability or availability. No known exploits are reported in the wild. The impact is considered moderate by Red Hat.
Mitigation Recommendations
Red Hat has issued official security updates for the go-toolset packages in RHEL 8.4 to address these vulnerabilities. Users should apply the provided updates as detailed in the Red Hat advisory (RHSA-2025:23741) and the referenced article https://access.redhat.com/articles/11258. No additional mitigations are indicated or required beyond applying the official patches.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:23741
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-58183"]
- Cvss Version
- null
Threat ID: 6a160974e29bf47b5063d55a
Added to database: 5/26/2026, 8:58:28 PM
Last enriched: 5/27/2026, 12:19:53 AM
Last updated: 5/27/2026, 3:59:52 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.