PT-2025-23610 · Tarfile+10 · Tarfile+10

Chuck Woodraska

+6

·

Published

2025-06-03

·

Updated

2026-01-22

·

CVE-2025-4435

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:C/A:N
Name of the Vulnerable Software and Affected Versions The product name cannot be determined.
Description The issue concerns the behavior of TarFile when extracting with a filter and TarFile.errorlevel = 0. The documented behavior is that any filtered members should be skipped and not extracted. However, the actual behavior in affected versions is that the member would still be extracted and not skipped.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

CWE-682CWE-22

Related Identifiers

ALSA-2025:10026
ALSA-2025:10031
ALSA-2025:10128
ALSA-2025:10136
ALSA-2025:10140
ALSA-2025:10148
ALSA-2025:10189
ALSA-2025:23530
AZL-62298
BDU:2025-09994
BIT-LIBPYTHON-2025-4435
BIT-PYTHON-2025-4435
BIT-PYTHON-MIN-2025-4435
CESA-2025_10026
CESA-2025_10031
CESA-2025_10128
CVE-2025-4435
ECHO-8B45-3518-603B
INFSA-2025_10026
INFSA-2025_10031
INFSA-2025_10128
INFSA-2025_10136
INFSA-2025_10148
INFSA-2025_10189
MGASA-2025-0280
OESA-2025-1789
OESA-2025-1790
OESA-2025-1791
OESA-2025-2304
OESA-2025-2305
OESA-2025-2538
OPENSUSE-SU-2025:15289-1
OPENSUSE-SU-2025:15713-1
PSF-2025-8
RHSA-2025:10026
RHSA-2025:10028
RHSA-2025:10031
RHSA-2025:10128
RHSA-2025:10136
RHSA-2025:10140
RHSA-2025:10148
RHSA-2025:10189
RHSA-2025:10399
RHSA-2025:10484
RHSA-2025:10602
RHSA-2025:9918
RHSA-2025_10026
RHSA-2025_10031
RHSA-2025_10128
RHSA-2025_10136
RHSA-2025_10148
RHSA-2025_10189
SUSE-SU-2025:02297-1
SUSE-SU-2025:02359-1
SUSE-SU-2025:02427-1
SUSE-SU-2025:02717-1
SUSE-SU-2025:02767-1
SUSE-SU-2025:02778-1
SUSE-SU-2025:20492-1
SUSE-SU-2025:20539-1
SUSE-SU-2025_02297-1
SUSE-SU-2025_02717-1
SUSE-SU-2025_02778-1
SUSE-SU-2026:0210-1
USN-7583-1

Affected Products

Almalinux
Astra Linux
Centos
Debian
Linuxmint
Red Hat
Red Os
Rocky Linux
Suse
Tarfile
Ubuntu