EUVD-2025-36735

🗓️ 30 Oct 2025 00:31:02Reported by EUVDType

The Parse function permits values other than IPv6 in URL host brackets; IPv4 addresses and hostnames must not be bracketed, and this is not enforced.

Reporter	Title	Published	Views	Family All 568
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	1 Dec 202516:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in DataStage on Cloud Pak for Data	25 Feb 202616:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Instana Observability is affected by multiple vulnerabilities within Instana Agent container image	10 Mar 202612:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to incorrect parse function values in net/url (CVE-2025-47912)	14 Apr 202617:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Guardium Data Security Center is affected by multiple vulnerabilities	23 Jan 202620:43	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container is vulnerable to denial of service and loss of confidentiality due to several findings in Golang binaries	19 Dec 202515:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities in IBM Business Automation Manager Open Editions.	11 Dec 202515:30	–	ibm
IBM Security Bulletins	Security Bulletin: File permission modification, improper access control, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service	16 Feb 202615:12	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple secuirty vulnerabilies addressed with IBM Business Automation Workflow containers January 2026	30 Jan 202617:17	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities affect IBM watsonx Orchestrate with watsonx Assistant Cartridge	22 Jan 202602:58	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "dcc81799-c47e-3133-8d76-3e7b3eb4f5bd",
        "vendor": {
          "name": "Go standard library"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "027e85dd-ab26-39f0-b1b2-2c26334aa4c1",
        "product": {
          "name": "net/url"
        },
        "product_version": "0 <1.24.8"
      },
      {
        "id": "42c22700-3d18-32bb-a81f-7263a75ddafe",
        "product": {
          "name": "net/url"
        },
        "product_version": "1.25.0 <1.25.2"
      }
    ]
  }
]

Source	Link
go	www.go.dev/issue/75678
go	www.go.dev/cl/709857
groups	www.groups.google.com/g/golang-announce/c/4Emdl2iQ_bI
pkg	www.pkg.go.dev/vuln/GO-2025-4010
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-47912

30 Oct 2025 21:30Current

6.3Medium risk

Vulners AI Score6.3

CVSS 3.15.3

EPSS0.00026

SSVC