Vulnerability Report: GO-2025-3974
- CVE-2025-59410, GHSA-mcvp-rpgg-9273
- Affects: d7y.io/dragonfly/v2, github.com/dragonflyoss/dragonfly
- Published: Sep 24, 2025
DragonFly's tiny file download uses hard coded HTTP protocol in d7y.io/dragonfly
For detailed information about this vulnerability, visit https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-mcvp-rpgg-9273 or https://nvd.nist.gov/vuln/detail/CVE-2025-59410.
Affected Packages
-
PathVersionsSymbols
Aliases
References
- https://github.com/dragonflyoss/dragonfly/security/advisories/GHSA-mcvp-rpgg-9273
- https://nvd.nist.gov/vuln/detail/CVE-2025-59410
- https://github.com/dragonflyoss/dragonfly/blob/main/docs/security/dragonfly-comprehensive-report-2023.pdf
- https://vuln.go.dev/ID/GO-2025-3974.json
Feedback
See anything missing or incorrect?
Suggest an edit to this report.