PT-2025-23554 · Fs/Tar+4 · Tar-Fs+4

Mafintosh

·

Publicado

2025-05-22

·

Atualizado

2026-06-04

·

CVE-2025-48387

CVSS v2.0

10

Alta

VetorAV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions tar-fs versions prior to 3.0.9 tar-fs versions prior to 2.1.3 tar-fs versions prior to 1.16.5
Description The issue in tar-fs allows an extract to write outside the specified directory with a specific tarball. This is due to improper limitation of a pathname to a restricted directory, also known as path traversal.
Recommendations For versions prior to 3.0.9, update to version 3.0.9 or later. For versions prior to 2.1.3, update to version 2.1.3 or later. For versions prior to 1.16.5, update to version 1.16.5 or later. As a temporary workaround, consider using the ignore option to ignore non-files/directories.

Exploit

Correção

RCE

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

AZL-62236
BDU:2025-10095
CVE-2025-48387
DLA-4214-1
GHSA-8CJ5-5RVV-WF4V
GHSA-XRG4-QP5W-2C3W
MGASA-2025-0194
USN-8367-1

Produtos afetados

Confluence
Debian
Linuxmint
Ubuntu
Tar-Fs