CVE-2025-1386 MEDIUM

CVE-2025-1386: Query smuggling in ch-go library

Vendor Ch-Go
Product ch-go
Published April 11, 2025
Last update April 11, 2025

CVSS base score

5.9/10
Attack vector Network
Attack complexity High
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:H/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

When using the ch-go library, under a specific condition in which the query includes large, uncompressed, malicious external data, it is possible for an attacker in control of that data to smuggle another query packet into the connection stream.

Key dates

02 Disclosure timeline

April 11, 2025 CVE published
April 11, 2025 Record updated