CVE-2025-13425

Vulnerability Description

A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next() to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index out of range) and an application crash (denial of service) in OSV-SCALIBR.

Related Weaknesses (CWE)

CWE-476

References

https://github.com/google/osv-scalibr/commit/e67c4e198ca099cb7c16957a80f6c5331d9

FAQ

What is CVE-2025-13425?

CVE-2025-13425 is a documented vulnerability. A bug in the filesystem traversal fallback path causes fs/diriterate/diriterate.go:Next() to overindex an empty slice when ReadDir returns nil for an empty directory, resulting in a panic (index out o...

How severe is CVE-2025-13425?

CVSS scoring is not yet available for CVE-2025-13425. Check NVD for updates.

Is there a patch for CVE-2025-13425?

Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.