Vulnerability Description
Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Golang | Go | < 1.23.12 |
Related Weaknesses (CWE)
References
- https://go.dev/cl/693735Patch
- https://go.dev/issue/74831Issue TrackingThird Party Advisory
- https://groups.google.com/g/golang-announce/c/x5MKroML2yMMailing ListRelease Notes
- https://pkg.go.dev/vuln/GO-2025-3849Vendor Advisory
- http://www.openwall.com/lists/oss-security/2025/08/06/1Mailing ListRelease Notes
FAQ
What is CVE-2025-47907?
CVE-2025-47907 is a vulnerability with a CVSS score of 7.0 (HIGH). Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being...
How severe is CVE-2025-47907?
CVE-2025-47907 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-47907?
Check the references section above for vendor advisories and patch information. Affected products include: Golang Go.