CVE-2025-47912
Unknown Unknown - Not Provided

BaseFortify

Vulnerability report for CVE-2025-47912, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2025-10-29

Last updated on: 2025-11-04

Assigner: Go Project

Description

The Parse function permits values other than IPv6 addresses to be included in square brackets within the host component of a URL. RFC 3986 permits IPv6 addresses to be included within the host component, enclosed within square brackets. For example: "http://[::1]/". IPv4 addresses and hostnames must not appear within square brackets. Parse did not enforce this requirement.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2025-10-29
Last Modified
2025-11-04
Generated
2026-07-06
AI Q&A
2025-10-30
EPSS Evaluated
2026-07-05
NVD

Affected Vendors & Products

Showing 3 associated CPEs
Vendor Product Version / Range
golang go From 1.25.0 (inc) to 1.25.2 (inc)
golang go 1.25.2
golang go 1.24.8

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs because the Parse function allows values other than IPv6 addresses to be enclosed in square brackets within the host component of a URL. According to RFC 3986, only IPv6 addresses should be enclosed in square brackets in the host part of a URL, while IPv4 addresses and hostnames must not be enclosed this way. The Parse function does not enforce this rule, which can lead to improper URL parsing.

Impact Analysis

This vulnerability can lead to incorrect parsing of URLs, potentially causing security issues such as bypassing input validation, misrouting of network requests, or other unexpected behavior in applications that rely on strict URL parsing. This could be exploited to manipulate how URLs are interpreted, possibly leading to security risks.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-47912. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart