rootio-golang-1.24: Unauthenticated Remote Code Execution via Specially Crafted HTTP Request

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

rootio-golang-1.24: Unauthenticated Remote Code Execution via Specially Crafted HTTP Request

ROOT-OS-DEBIAN-13-CVE-2025-47912

Summary

An attacker can send a malicious HTTP request to the rootio-golang-1.24 service, potentially allowing them to execute arbitrary code on the affected system. This issue affects Root Debian 13 users who have installed the rootio-golang-1.24 package. Users should update to a patched version of the package to prevent this risk.

What to do

Update rootio-golang-1.24 to version 1.24.4-1.root.io.16.

Affected software

Vendor	Product	Affected versions	Fix available
–	rootio-golang-1.24	<= 1.24.4-1.root.io.16	1.24.4-1.root.io.16

Original title

CVE-2025-47912 in rootio-golang-1.24 - Patched by Root

Original description

Root has patched CVE-2025-47912 in the rootio-golang-1.24 package for Root:Debian:13. Multiple fixed versions available.

Published: 6 Mar 2026 · Updated: 6 Mar 2026 · First seen: 6 Mar 2026