CVE-2025-8959 Information

Aug 16, 2025 cve

Description

HashiCorp’s go-getter library subdirectory download feature is vulnerable to symlink attacks leading to unauthorized read access beyond the designated directory boundaries. This vulnerability identified as CVE-2025-8959 is fixed in go-getter 1.7.9.

Reference

https://discuss.hashicorp.com/t/hcsec-2025-23-hashicorp-go-getter-vulnerable-to-arbitrary-read-through-symlink-attack/76242

CNNVD-202508-1878 (Published: 2025-08-15)

Share on:

CVE-2025-8959 Information

Description

Reference

Related CNNVD