PT-2025-44446 · Node-Tar · Node-Tar

Published: 2025-10-30 · Updated: 2026-03-29 · CVE-2025-64118

CVSS v4.0: 6.1 (Medium)

Vector: AV:L/AC:H/AT:P/PR:L/UI:P/VC:H/VI:L/VA:L/SC:H/SI:H/SA:H

Name of the Vulnerable Software and Affected Versions

node-tar versions prior to 7.5.2

Description

node-tar is a tar implementation for Node.js. When the .t (also known as .list) function is used with the { sync: true } option to read tar entry contents, uninitialized memory contents may be returned if the tar file is modified on disk to a smaller size during the read operation.

Recommendations

Update to version 7.5.2 or later.

Exploit

Fix

Time Of Check To Time Of Use

Race Condition

Weakness Enumeration

Related Identifiers

BDU:2026-01714
CVE-2025-64118
GHSA-29XP-372Q-XQPH

Affected Products

Node-Tar