PT-2025-39311 · Fs/Tar+4 · Tar-Fs+4

Published: 2025-01-01 · Updated: 2026-06-04 · CVE-2025-59343

CVSS v4.0: 8.7 (High)

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

tar-fs versions prior to 3.1.1
tar-fs versions prior to 2.1.3
tar-fs version 1.16.5

Description

tar-fs provides filesystem bindings for tar-stream. In affected versions, symlink validation can be bypassed with a specific tarball if the destination directory is predictable. As a workaround, use the ignore option to skip entries that are not files or directories.

Recommendations

Update tar-fs to version 3.1.1 or later.
Update tar-fs to version 2.1.4 or later.
Update tar-fs to version 1.16.6 or later.
As a workaround, use the ignore option to skip entries that are not files or directories.
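
The workaround above, as an added example (not code from this page or from the tar-fs project): a predicate for the ignore option of tar-fs extract(), which is called as ignore(name, header) and skips an entry when it returns true. The function names and sample headers are constructed for illustration, and the directory and archive names in the usage comment are placeholders.

```javascript
// Predicate for the tar-fs extract() "ignore" option.
// Returning true tells tar-fs to skip the entry.
// header.type values follow tar-stream: 'file', 'directory', 'symlink', 'link', ...
function ignoreNonFilesAndDirectories(_name, header) {
  // Allow only regular files and directories; skip symlinks, hard links,
  // devices, FIFOs and every other entry type.
  return header.type !== 'file' && header.type !== 'directory';
}

// Constructed sample headers (not taken from a real archive).
const sampleHeaders = [
  { name: 'pkg/', type: 'directory' },
  { name: 'pkg/index.js', type: 'file' },
  { name: 'pkg/current', type: 'symlink', linkname: 'index.js' },
  { name: 'pkg/alias', type: 'link', linkname: 'pkg/index.js' },
  { name: 'pkg/pipe', type: 'fifo' },
];

// Dry run: report which entries the predicate would let through or skip,
// useful for checking an archive listing before changing extraction code.
function partitionEntries(headers) {
  const extracted = [];
  const skipped = [];
  for (const h of headers) {
    const bucket = ignoreNonFilesAndDirectories(h.name, h) ? skipped : extracted;
    bucket.push(h.name);
  }
  return { extracted, skipped };
}

// Usage with tar-fs (requires the tar-fs package; './my-directory' and
// 'archive.tar' are placeholders):
//   const fs = require('fs');
//   const tar = require('tar-fs');
//   fs.createReadStream('archive.tar')
//     .pipe(tar.extract('./my-directory', { ignore: ignoreNonFilesAndDirectories }));

console.log(partitionEntries(sampleHeaders));
```

The workaround drops legitimate symlinks and hard links too, so archives that rely on them will extract incompletely until tar-fs is updated.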

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

BDU:2026-02201
CVE-2025-59343
DLA-4313-1
DSA-6013-1
GHSA-VJ76-C3G6-QR5V
OPENSUSE-SU-2025:15582-1
RHSA-2025:18979
RHSA-2025:19201
USN-8367-1

Affected Products

Confluence
Debian
Linuxmint
Ubuntu
Tar-Fs