CVE-2025-68119
CVE Details
Visit the official vulnerability details page for CVE-2025-68119 to learn more.
Initial Publication
01/28/2026
Last Update
02/06/2026
Third Party Dependency
go
NIST CVE Summary
Downloading and building modules with malicious version strings can cause local code execution. On systems with Mercurial (hg) installed, downloading modules from non-standard sources (e.g., custom domains) can cause unexpected code execution due to how external VCS commands are constructed. This issue can also be triggered by providing a malicious version string to the toolchain. On systems with Git installed, downloading and building modules with malicious version strings can allow an attacker to write to arbitrary files on the filesystem. This can only be triggered by explicitly providing the malicious version strings to the toolchain and does not affect usage of @latest or bare module paths.
CVE Severity
Our Official Summary
Investigation is ongoing to determine how this vulnerability affects our products.
Status
Analyzed
Affected Products & Versions
| Version | PaletteAI | PaletteAI VerteX |
|---|---|---|
| 0.7.1 | ⚠️ Impacted | ⚠️ Impacted |
| 0.6.6 | ⚠️ Impacted | ⚠️ Impacted |
| 0.5.11 | ⚠️ Impacted | ⚠️ Impacted |
Revision History
No revisions available.