CVE-2025-61732 · HIGH 8.6 · EPSS p10.5%

Description

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

Scoring

CVSS 3.1: 8.6 (HIGH)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
EPSS: 0.21% probability of exploitation · percentile 10.5% · 2026-06-19T12:03:05Z
Published: 2026-02-05
Last modified: 2026-02-10

Underlying weaknesses · 1

CWE-94

References

  1. https://go.dev/cl/734220
  2. https://go.dev/issue/76697
  3. https://groups.google.com/g/golang-announce/c/K09ubi9FQFk
  4. https://pkg.go.dev/vuln/GO-2026-4433

| Type | Target | Confidence | Tier |
| --- | --- | --- | --- |
| Weakness | Improper Control of Generation of Code ('Code Injection') (cwe-94) | 0% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE-2026-27140
CVE-2025-4674
CVE-2025-27060
CVE-2025-27059
CVE-2026-25260
CVE-2026-42507

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.