PT-2025-17645 · Busybox+2 · Busybox+2

Ian Norton

Published

2025-04-23

Updated

2026-05-18

CVE-2025-46394

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions BusyBox versions through 1.37.0

Description A TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.

Recommendations For versions through 1.37.0, consider updating to a version that fixes this issue to prevent filenames from being hidden in TAR archives.

Fix

UI Misrepresentation of Critical Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-451

Related Identifiers

AZL-60936

AZL-61191

BDU:2026-05691

CLEANSTART-2026-GV62494

CLEANSTART-2026-OL25917

CLEANSTART-2026-QO29688

CVE-2025-46394

ECHO-B00E-22B9-2A35

OESA-2025-1881

OESA-2025-1882

OESA-2025-1883

OESA-2025-1884

OESA-2025-1885

OESA-2025-1886

OPENSUSE-SU-2025:15834-1

OPENSUSE-SU-2026:20090-1

SUSE-SU-2026:0235-1

SUSE-SU-2026:0236-1

SUSE-SU-2026:0872-1

SUSE-SU-2026:0892-1

SUSE-SU-2026:20134-1

Affected Products

Busybox

Debian

Red Os

PT-2025-17645 · Busybox+2 · Busybox+2

CVE-2025-46394

Weakness Enumeration

Related Identifiers

Affected Products

References · 169