CVE-2025-61732

Description

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

Affected packages (6)

• Bitnami/golangfrom 0, < 1.24.13, >= 1.25.0-0, < 1.25.7
• Debian/golang-1.15from 0
• Debian/golang-1.19from 0
• Debian/golang-1.24from 0
• Debian/golang-1.25from 0, < 1.25.7-1
• Go/toolchainfrom 0, < 1.24.13, >= 1.25.0-0, < 1.25.7

CVSS scores

References (6)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2025-61732
• PATCHhttps://go.dev/cl/734220
• REPORThttps://go.dev/issue/76697
• WEBhttps://groups.google.com/g/golang-announce/c/K09ubi9FQFk
• WEBhttps://nvd.nist.gov/vuln/detail/CVE-2025-61732
• WEBhttps://pkg.go.dev/vuln/GO-2026-4433