PT-2025-16188 · Unknown · Mholt/Archiver

Published: 2025-04-13 · Updated: 2025-08-08 · CVE-2025-3445

CVSS v3.1: 8.1 High

Vector: AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L
Name of the Vulnerable Software and Affected Versions: mholt/archiver versions (affected versions not specified)
Description: A Path Traversal "Zip Slip" vulnerability has been identified in the mholt/archiver library for Go. It allows an attacker to use a crafted ZIP file containing path traversal symlinks to create or overwrite files with the privileges of the user or of the application using the library. When archiver.Unarchive is used on ZIP files, a crafted ZIP file can be extracted in such a way that it writes files to the affected system with the same privileges as the application executing this vulnerable functionality. This could lead to sensitive files being overwritten, potentially resulting in privilege escalation, code execution, and other severe outcomes.
Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
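
With no fixed version listed, one mitigation is to inspect an untrusted ZIP before it reaches the extractor. The following is an added example, not code from mholt/archiver or from this advisory: it uses only Go's standard archive/zip package, the helper names auditZip and sampleZip are hypothetical, and the sample archive is constructed. It goes slightly beyond the symlink case described above by also flagging entry names that are absolute or climb out of the destination.

```go
package main

import (
	"archive/zip"
	"bytes"
	"errors"
	"fmt"
	"io/fs"
	"path/filepath"
)

// auditZip (hypothetical helper) lists reasons not to extract the archive.
func auditZip(data []byte) ([]string, error) {
	zr, err := zip.NewReader(bytes.NewReader(data), int64(len(data)))
	// ErrInsecurePath still returns a usable reader, so keep listing entries.
	if err != nil && !errors.Is(err, zip.ErrInsecurePath) {
		return nil, err
	}
	var findings []string
	for _, f := range zr.File {
		if f.Mode()&fs.ModeSymlink != 0 { // symlink entries can redirect later writes
			findings = append(findings, "symlink: "+f.Name)
		}
		if !filepath.IsLocal(filepath.FromSlash(f.Name)) { // absolute or "../" names
			findings = append(findings, "non-local path: "+f.Name)
		}
	}
	return findings, nil
}

// sampleZip builds a constructed test archive: plain file, symlink, "../" name.
func sampleZip() []byte {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	w, _ := zw.Create("docs/readme.txt")
	w.Write([]byte("ok"))
	link := &zip.FileHeader{Name: "docs/latest"}
	link.SetMode(fs.ModeSymlink | 0777)
	w, _ = zw.CreateHeader(link)
	w.Write([]byte("../../outside")) // a symlink's target is stored as the entry body
	w, _ = zw.Create("../escape.txt")
	w.Write([]byte("x"))
	zw.Close()
	return buf.Bytes()
}

func main() {
	fmt.Println(auditZip(sampleZip()))
}
```

Refuse the archive if any finding is returned, and run extraction as a low-privilege user in a dedicated directory so that a missed case has limited reach.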

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2025-3445
GHSA-7VPP-9CXJ-Q8GV
GO-2025-3605
OPENSUSE-SU-2025:15001-1
OPENSUSE-SU-2025:15424-1

Affected Products

Mholt/Archiver