CVE-2025-47907
HIGHDescription
Cancelling a query (e.g. by cancelling the context passed to one of the query methods) during a call to the Scan method of the returned Rows can result in unexpected results if other queries are being made in parallel. This can result in a race condition that may overwrite the expected results with those of another query, causing the call to Scan to return either unexpected results from the other query or an error.
Is your site exposed to CVE-2025-47907?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| golang | go |
| golang | go |
References
Frequently Asked Questions
What is CVE-2025-47907? +
How severe is CVE-2025-47907? +
What products are affected by CVE-2025-47907? +
How do I check if I'm vulnerable to CVE-2025-47907? +
Related Vulnerabilities
OwnTone Server versions 28.4 through 29.0 contain a race condition vulnerability in the DAAP login handler that allows unauthenticated attackers …
An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an …
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in HYPR Passwordless on Windows allows Privilege Escalation.This issue …
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Angular uses a …
go-tuf is a Go implementation of The Update Framework (TUF). The go-tuf client inconsistently traces the delegations. For example, if …
node-tar is a Tar for Node.js. In 7.5.1, using .t (aka .list) with { sync: true } to read tar …