CVE-2025-22871
Description
Moderate: weldr-client security update
Mitigations
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-9635.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-9634.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-9106.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-8916.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-8682.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-9150.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-9147.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-9145.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-9143.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-12831.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-9144.html
Vendor advisory: alma — https://errata.almalinux.org/9/ALSA-2025-8476.html
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2025-8918.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2025:8918
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2025-9845.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2025:9845
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2025-9844.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2025:9844
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2025-9060.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2025:9060
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2025-8667.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2025:8667
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2025-8478.html
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2025:8478
Vendor advisory: alma — https://errata.almalinux.org/8/ALSA-2025-9142.html
Vendor advisory: alma — https://bugzilla.redhat.com/2358493
Vendor advisory: alma — https://access.redhat.com/errata/RHSA-2025:9142
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:8682
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:9147
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:12831
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:9144
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:9143
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:9635
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:8476
Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2025-22871.html
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2025-22871
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:8667
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:8478
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:9060
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:9142
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:8918
Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2025:9845
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:9635
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:9634
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:9150
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:9147
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:9145
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:9144
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:9143
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:9106
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:8916
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:8682
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:8476
Vendor advisory: redhat — https://access.redhat.com/errata/RHSA-2025:12831
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| rhel | 9 | fixed | |
| rocky | 8 | fixed | |
| debian | bookworm | affected | |
| debian | bullseye | affected | |
| debian | trixie | fixed | 1.24.2-1 |
| sles | | affected | |
| rocky | 9 | fixed | |
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | stdlib | >=1.24.0-0,<1.24.2 | 1.23.8 |
| Packagist | spiral/roadrunner | <2025.1.0 | 2025.1.0 |
| COMPOSER | spiral/roadrunner | < 2025.1.0 | 2025.1.0 |
References
- https://access.redhat.com/errata/RHSA-2025:12831
- https://access.redhat.com/errata/RHSA-2025:8476
- https://access.redhat.com/errata/RHSA-2025:8682
- https://access.redhat.com/errata/RHSA-2025:8916
- https://access.redhat.com/errata/RHSA-2025:9106
- https://access.redhat.com/errata/RHSA-2025:9143
- https://access.redhat.com/errata/RHSA-2025:9144
- https://access.redhat.com/errata/RHSA-2025:9145
- https://access.redhat.com/errata/RHSA-2025:9147
- https://access.redhat.com/errata/RHSA-2025:9150
- https://access.redhat.com/errata/RHSA-2025:9634
- https://access.redhat.com/errata/RHSA-2025:9635
- https://go.dev/cl/652998
- https://go.dev/issue/71988
- https://groups.google.com/g/golang-announce/c/Y2uBTVKjBQk
- https://pkg.go.dev/vuln/GO-2025-3563
- http://www.openwall.com/lists/oss-security/2025/04/04/4
- https://cert-portal.siemens.com/productcert/html/ssa-783943.html
- https://errata.rockylinux.org/RLSA-2025:9845
- https://errata.rockylinux.org/RLSA-2025:8918
- https://errata.rockylinux.org/RLSA-2025:9142
- https://errata.rockylinux.org/RLSA-2025:9060
- https://errata.rockylinux.org/RLSA-2025:8478
- https://errata.rockylinux.org/RLSA-2025:8667
- https://security-tracker.debian.org/tracker/CVE-2025-22871