CVE-2025-47907

HIGH severity · CVSS 7 · CWE-362

7CVSS HIGH

Summary

Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.

Impact & exploitability

Attack vectorNetwork

Attack complexityHigh

Privileges requiredNone

User interactionNone

Confidentiality impactHigh

Integrity impactLow

Availability impactLow

Exploit probability (EPSS)0%

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L

Affected products we track (1)

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: https://go.dev/cl/693735 ↗

Additional information

NVD record
https://go.dev/cl/693735Patch
https://pkg.go.dev/vuln/GO-2025-3849Advisory
https://go.dev/issue/74831Advisory
https://groups.google.com/g/golang-announce/c/x5MKroML2yM
http://www.openwall.com/lists/oss-security/2025/08/06/1