Path Traversal Vulnerability in mholt/archiver by Go
CVE-2025-3445

8.1 HIGH

What is CVE-2025-3445?

A path traversal vulnerability in mholt/archiver can be triggered with crafted ZIP files that contain symlinks. When such a file is extracted with the archiver.Unarchive functionality, an attacker can overwrite files on the system, potentially leading to sensitive data exposure, privilege escalation, and unauthorized code execution. The issue arises during ZIP extraction, where the attacker can manipulate filesystem paths and compromise application integrity. Users are advised to transition to the newer mholt/archives, which eliminates the vulnerable functionality.
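
A pre-extraction check for the archive shape described above, as an added example that is not code from mholt/archiver or from this advisory: it uses only Go's standard archive/zip to flag symlink entries and entry names that resolve outside the destination. The function names RiskyEntries and SampleZip and the in-memory sample archive are constructed for illustration.

```go
package main

import (
	"archive/zip"
	"bytes"
	"fmt"
	"io/fs"
	"path"
	"strings"
)

// RiskyEntries lists entries that should block extraction of an untrusted ZIP.
func RiskyEntries(zr *zip.Reader) []string {
	var bad []string
	for _, f := range zr.File {
		switch {
		case f.Mode()&fs.ModeSymlink != 0: // symlink entry, the vector in this CVE
			bad = append(bad, "symlink: "+f.Name)
		case path.IsAbs(f.Name) || strings.HasPrefix(path.Clean(f.Name)+"/", "../"):
			bad = append(bad, "escapes destination: "+f.Name)
		}
	}
	return bad
}

// SampleZip builds a constructed archive in memory (bodies empty, no disk I/O).
func SampleZip() (*zip.Reader, error) {
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	names := []string{"docs/readme.txt", "docs/link", "../outside.txt"}
	modes := []fs.FileMode{0o644, fs.ModeSymlink | 0o777, 0o644}
	for i, n := range names {
		h := &zip.FileHeader{Name: n}
		h.SetMode(modes[i])
		if _, err := zw.CreateHeader(h); err != nil {
			return nil, err
		}
	}
	if err := zw.Close(); err != nil {
		return nil, err
	}
	return zip.NewReader(bytes.NewReader(buf.Bytes()), int64(buf.Len()))
}

func main() {
	if zr, err := SampleZip(); err == nil {
		fmt.Println(RiskyEntries(zr))
	}
}
```

Run the check on the whole archive before any entry is written, and refuse the archive if the returned list is non-empty.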

Affected Version(s)

github.com/mholt/archiver/v3 v3.0.0

References

CVSS V3.1

Score: 8.1
Severity: HIGH
Confidentiality: Low
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
