PT-2025-29264 · Gnu · Gnu Tar

I900008

Published 2025-07-11 · Updated 2026-05-10 · CVE-2025-45582

CVSS v3.1: 4.1 (Medium)
Vector: AV:L/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions: GNU Tar versions through 1.35
Description: GNU Tar through version 1.35 is susceptible to a directory traversal vulnerability that allows file overwrites via crafted TAR archives. Exploitation is a two-step process: first, extracting an archive containing a ../ symlink to a critical directory, and second, extracting an archive containing a critical file whose relative pathname begins with the symlink name. This bypasses the standard protection mechanism that prevents file access through paths containing "..", since the second pathname itself contains no ".." component and is only redirected through the symlink that the first extraction left on disk. An example involves an archive containing "x -> ../../../../../home/victim/.ssh" followed by an archive containing "x/authorized_keys", potentially overwriting the authorized_keys file. This issue can impact server applications that automatically extract user-supplied TAR archives, and software installation processes that run multiple tar xf commands.
Recommendations: Versions prior to 1.36 are affected; upgrade to 1.36 or later.
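The point of the description above is that a check on the path string alone (no ".." component) is not enough: the destination must be resolved against the directory as it exists on disk, so that a symlink left behind by an earlier extraction is followed before the write is allowed. The following pre-flight checker is an added example, not code from this advisory or from GNU Tar; it goes slightly beyond the described case by also checking the targets of symlink and hard-link members. The directory layout, member names and archive contents are constructed for the demonstration.

```python
import io
import os
import tarfile
import tempfile

def lexical_check_passes(name: str) -> bool:
    """String-only check of the kind that is bypassed: 'x/note.txt' passes even if 'x' is a symlink."""
    return not name.startswith("/") and ".." not in name.split("/")

def resolves_inside(dest: str, path: str) -> bool:
    """True if path stays under dest after resolving symlinks already present on disk."""
    dest_real = os.path.realpath(dest)
    return os.path.commonpath([dest_real, os.path.realpath(path)]) == dest_real

def check_archive(archive_bytes: bytes, dest: str) -> dict[str, str]:
    """Pre-flight check against the current on-disk state: accept or reject each member."""
    verdicts = {}
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:") as tf:
        for m in tf.getmembers():
            target = os.path.join(dest, m.name)
            ok = resolves_inside(dest, target)
            if m.issym() or m.islnk():
                # symlink targets are relative to the link's directory, hard links to dest
                base = os.path.dirname(target) if m.issym() else dest
                ok = ok and resolves_inside(dest, os.path.join(base, m.linkname))
            verdicts[m.name] = "accepted" if ok else "rejected"
    return verdicts

def build_tar(members: list[tuple[str, str]]) -> bytes:
    """Constructed test archive: (name, text) adds a file, (name, '-> target') a symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, payload in members:
            ti = tarfile.TarInfo(name)
            if payload.startswith("-> "):
                ti.type, ti.linkname = tarfile.SYMTYPE, payload[3:]
                tf.addfile(ti)
            else:
                ti.size = len(payload.encode())
                tf.addfile(ti, io.BytesIO(payload.encode()))
    return buf.getvalue()

def demo() -> dict[str, str]:
    """Step two of the described scenario: symlink 'x' -> ../outside is already in dest."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "dest")
        os.mkdir(dest)
        os.symlink("../outside", os.path.join(dest, "x"))  # simulates what archive one left behind
        archive = build_tar([("x/note.txt", "data"), ("ok/note.txt", "data"), ("y", "-> ../outside")])
        return check_archive(archive, dest)
```

Running demo() rejects "x/note.txt" (it resolves to ../outside through the existing symlink) and the symlink member "y", while "ok/note.txt" is accepted; the same "x/note.txt" passes lexical_check_passes, which is the gap the advisory describes.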

Related Identifiers

ALSA-2026:0002
ALSA-2026:0067
AZL-65082
AZL-65538
BDU:2026-00339
CVE-2025-45582
ECHO-02F8-DF1A-3B35
OESA-2026-1091
OESA-2026-1092
OESA-2026-1093
OESA-2026-1094
OESA-2026-1095
OESA-2026-1096
OPENSUSE-SU-2026:10743-1
OPENSUSE-SU-2026:20472-1
RHSA-2026:0002
RHSA-2026:0067
RHSA-2026:0135
RHSA-2026:0434
RHSA-2026:0435
SUSE-SU-2026:1177-1
SUSE-SU-2026:20955-1
SUSE-SU-2026:20959-1
SUSE-SU-2026:21002-1
SUSE-SU-2026:21143-1

Affected Products

Debian
GNU Tar
Red Hat
RED OS
Rocky Linux