CVE Alert

CVE-2025-61732

HIGH 8.6

Potential code smuggling via doc comments in cmd/cgo

CVSS Score: 8.6
EPSS Score: 0.0%
EPSS Percentile: 0th

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

Vendor: go toolchain
Product: cmd/cgo
Published: Feb 5, 2026
Last Updated: Jun 30, 2026

Affected Versions

Go toolchain / cmd/cgo
0 < 1.24.13
1.25.0-0 < 1.25.7

References

go.dev: https://go.dev/cl/734220
go.dev: https://go.dev/issue/76697
groups.google.com: https://groups.google.com/g/golang-announce/c/K09ubi9FQFk
pkg.go.dev: https://pkg.go.dev/vuln/GO-2026-4433
access.redhat.com: https://access.redhat.com/security/cve/CVE-2025-61732
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2437016
security.access.redhat.com: https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-61732.json
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3192
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2706
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2708
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3468
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3470
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3489
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3471
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3473
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3472
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3469
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3193
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2709
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7385
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:7291
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:12282
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:14100
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:21691
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:15091
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:14774
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:10104
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5907
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:8448
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5133
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:4434
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3855
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:2844
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3559
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:3556
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5948
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5950
access.redhat.com: https://access.redhat.com/errata/RHSA-2026:5952

Credits

RyotaK (https://ryotak.net) of GMO Flatt Security Inc.