Red Hat Security Advisory: golang security update
Two security vulnerabilities affecting the golang packages in Red Hat Enterprise Linux 9. 4 Extended Update Support have been identified and addressed. The first (CVE-2025-61731) involves an arbitrary file write vulnerability via a malicious pkg-config directive in the cmd/go tool. The second (CVE-2026-25679) concerns incorrect parsing of IPv6 host literals in the net/url package. Red Hat has released updated golang packages that fix these issues. The advisory rates the security impact as Important (high severity). No known exploits in the wild have been reported. Users of affected Red Hat Enterprise Linux versions should apply the provided updates to remediate these vulnerabilities.
AI Analysis
Technical Summary
The golang packages for Red Hat Enterprise Linux 9.4 Extended Update Support contain two vulnerabilities: CVE-2025-61731 allows arbitrary file write through a malicious pkg-config directive in the cmd/go tool, and CVE-2026-25679 involves incorrect parsing of IPv6 host literals in the net/url package. These issues could potentially lead to security risks such as unauthorized file modification or incorrect URL parsing. Red Hat has issued updated golang packages to address these vulnerabilities, as detailed in advisory RHSA-2026:7834. The update is rated as Important by Red Hat Product Security.
Potential Impact
The arbitrary file write vulnerability (CVE-2025-61731) could allow an attacker to write files arbitrarily via a crafted pkg-config directive, potentially leading to unauthorized file modifications. The incorrect parsing of IPv6 host literals (CVE-2026-25679) may cause improper handling of URLs, which could affect applications relying on net/url for URL parsing. Red Hat rates these vulnerabilities as Important, indicating a high security impact. There are no known exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released updated golang packages for Red Hat Enterprise Linux 9.4 Extended Update Support that address these vulnerabilities. Users should apply these official patches as detailed in Red Hat advisory RHSA-2026:7834 and the referenced article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor advisory.
Red Hat Security Advisory: golang security update
Description
Two security vulnerabilities affecting the golang packages in Red Hat Enterprise Linux 9. 4 Extended Update Support have been identified and addressed. The first (CVE-2025-61731) involves an arbitrary file write vulnerability via a malicious pkg-config directive in the cmd/go tool. The second (CVE-2026-25679) concerns incorrect parsing of IPv6 host literals in the net/url package. Red Hat has released updated golang packages that fix these issues. The advisory rates the security impact as Important (high severity). No known exploits in the wild have been reported. Users of affected Red Hat Enterprise Linux versions should apply the provided updates to remediate these vulnerabilities.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The golang packages for Red Hat Enterprise Linux 9.4 Extended Update Support contain two vulnerabilities: CVE-2025-61731 allows arbitrary file write through a malicious pkg-config directive in the cmd/go tool, and CVE-2026-25679 involves incorrect parsing of IPv6 host literals in the net/url package. These issues could potentially lead to security risks such as unauthorized file modification or incorrect URL parsing. Red Hat has issued updated golang packages to address these vulnerabilities, as detailed in advisory RHSA-2026:7834. The update is rated as Important by Red Hat Product Security.
Potential Impact
The arbitrary file write vulnerability (CVE-2025-61731) could allow an attacker to write files arbitrarily via a crafted pkg-config directive, potentially leading to unauthorized file modifications. The incorrect parsing of IPv6 host literals (CVE-2026-25679) may cause improper handling of URLs, which could affect applications relying on net/url for URL parsing. Red Hat rates these vulnerabilities as Important, indicating a high security impact. There are no known exploits in the wild at this time.
Mitigation Recommendations
Red Hat has released updated golang packages for Red Hat Enterprise Linux 9.4 Extended Update Support that address these vulnerabilities. Users should apply these official patches as detailed in Red Hat advisory RHSA-2026:7834 and the referenced article https://access.redhat.com/articles/11258. No additional mitigation steps are indicated by the vendor advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2026:7834
- Cve Count
- 2
- Additional Cves
- ["CVE-2026-25679"]
- Cvss Version
- null
Threat ID: 6a16097fe29bf47b5064b2f4
Added to database: 5/26/2026, 8:58:39 PM
Last enriched: 5/26/2026, 10:24:31 PM
Last updated: 5/27/2026, 4:50:49 AM
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.