Red Hat Security Advisory: golang security update
Two security vulnerabilities affecting the golang packages in Red Hat Enterprise Linux 9. 0 have been addressed. CVE-2025-47906 involves unexpected paths returned from the LookPath function in the os/exec package. CVE-2025-58183 concerns unbounded memory allocation when parsing GNU sparse map files in the archive/tar package. Red Hat has released an update to fix these issues, rated with moderate security impact. No known exploits are reported in the wild. The vulnerabilities affect multiple architectures supported by Red Hat Enterprise Linux 9. 0. Users are advised to apply the provided update to remediate these issues.
AI Analysis
Technical Summary
The golang packages in Red Hat Enterprise Linux 9.0 contain two vulnerabilities: CVE-2025-47906 in the os/exec package where LookPath may return unexpected paths, and CVE-2025-58183 in the archive/tar package involving unbounded allocation when parsing GNU sparse map files. These issues could lead to unexpected behavior or resource exhaustion. Red Hat has issued a security advisory (RHSA-2025:22899) with updated golang packages to address these vulnerabilities. The advisory covers multiple architectures including x86_64, ppc64le, aarch64, and s390x. No CVSS scores are provided, but the impact is rated as moderate by Red Hat. There are no known exploits in the wild at this time.
Potential Impact
The vulnerabilities may cause unexpected behavior in path resolution (CVE-2025-47906) and potential unbounded memory allocation (CVE-2025-58183) when parsing certain archive files. This could lead to application errors or resource exhaustion in affected systems using the golang compiler and related tools. The overall security impact is rated moderate by Red Hat. No active exploitation has been reported.
Mitigation Recommendations
Red Hat has released updated golang packages for Red Hat Enterprise Linux 9.0 that address these vulnerabilities. Users should apply the official security update as described in Red Hat advisory RHSA-2025:22899 and the referenced article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor. Patch status is confirmed as an official fix available from Red Hat.
Red Hat Security Advisory: golang security update
Description
Two security vulnerabilities affecting the golang packages in Red Hat Enterprise Linux 9. 0 have been addressed. CVE-2025-47906 involves unexpected paths returned from the LookPath function in the os/exec package. CVE-2025-58183 concerns unbounded memory allocation when parsing GNU sparse map files in the archive/tar package. Red Hat has released an update to fix these issues, rated with moderate security impact. No known exploits are reported in the wild. The vulnerabilities affect multiple architectures supported by Red Hat Enterprise Linux 9. 0. Users are advised to apply the provided update to remediate these issues.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The golang packages in Red Hat Enterprise Linux 9.0 contain two vulnerabilities: CVE-2025-47906 in the os/exec package where LookPath may return unexpected paths, and CVE-2025-58183 in the archive/tar package involving unbounded allocation when parsing GNU sparse map files. These issues could lead to unexpected behavior or resource exhaustion. Red Hat has issued a security advisory (RHSA-2025:22899) with updated golang packages to address these vulnerabilities. The advisory covers multiple architectures including x86_64, ppc64le, aarch64, and s390x. No CVSS scores are provided, but the impact is rated as moderate by Red Hat. There are no known exploits in the wild at this time.
Potential Impact
The vulnerabilities may cause unexpected behavior in path resolution (CVE-2025-47906) and potential unbounded memory allocation (CVE-2025-58183) when parsing certain archive files. This could lead to application errors or resource exhaustion in affected systems using the golang compiler and related tools. The overall security impact is rated moderate by Red Hat. No active exploitation has been reported.
Mitigation Recommendations
Red Hat has released updated golang packages for Red Hat Enterprise Linux 9.0 that address these vulnerabilities. Users should apply the official security update as described in Red Hat advisory RHSA-2025:22899 and the referenced article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor. Patch status is confirmed as an official fix available from Red Hat.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:22899
- Cve Count
- 2
- Additional Cves
- ["CVE-2025-58183"]
- Cvss Version
- null
Threat ID: 6a160974e29bf47b5063ebe0
Added to database: 5/26/2026, 8:58:28 PM
Last enriched: 5/27/2026, 12:05:28 AM
Last updated: 5/27/2026, 4:54:40 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.