Directory Traversal Vulnerability in GNU Tar Affecting File Overwrites
CVE-2025-45582

4.1 MEDIUM

Key Information:

Vendor: GNU
Status: Vendor
CVE Published: 11 July 2025

What is CVE-2025-45582?

GNU Tar versions up to 1.35 are susceptible to a directory traversal vulnerability that allows malicious actors to overwrite critical files through crafted TAR archives. The exploit is a two-step process. First, an archive is extracted that contains a symlink pointing to a vital directory, such as a user's home directory. Second, a subsequent archive is extracted that includes a critical file whose relative pathname begins with the symlink, so the extraction targets the original file through it. This approach circumvents the standard protection by exploiting the traversal mechanism and can pose significant risks to server applications that process untrusted TAR files, potentially leading to unauthorized access and information disclosure.
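
A pre-extraction check for the second step described above, as an added example that is not part of this advisory or of GNU Tar: it flags archive members whose parent path, under the destination directory, goes through a symlink already on disk or resolves outside the destination. The function names, the sample member names and the temporary directories are constructed for illustration, and a POSIX system is assumed.

```python
import io
import os
import tarfile
import tempfile


def members_crossing_symlinks(archive, dest):
    """Names of members whose parent path, under dest, goes through a symlink
    already on disk or resolves outside dest (a leading "/" is ignored)."""
    root, flagged = os.path.realpath(dest), []
    for m in archive.getmembers():
        parents = [p for p in m.name.split("/") if p not in ("", ".")][:-1]
        current = root
        for part in parents:
            current = os.path.join(current, part)
            if os.path.islink(current):  # left behind by an earlier extraction
                flagged.append(m.name)
                break
        else:
            # No symlink on the way: still reject ".." paths that leave dest.
            if os.path.commonpath([root, os.path.realpath(current)]) != root:
                flagged.append(m.name)
    return flagged


def make_tar(names):
    """Constructed sample: in-memory archive of empty regular files."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in names:
            tf.addfile(tarfile.TarInfo(name))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")


def demo():
    with tempfile.TemporaryDirectory() as dest, tempfile.TemporaryDirectory() as other:
        second = make_tar(["x/settings.conf", "docs/notes.txt", "../up.txt"])
        alone = members_crossing_symlinks(second, dest)  # dest still empty
        os.symlink(other, os.path.join(dest, "x"))  # state a first extraction leaves
        return alone, members_crossing_symlinks(second, dest)


if __name__ == "__main__":
    print(demo())
```

The member `x/settings.conf` is only flagged once the symlink `x` exists in the destination, which is why the check has to run against the on-disk state at extraction time rather than against each archive in isolation.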

Affected Version(s)

Tar 0 <= 1.35

CVSS V3.1

Score: 4.1
Severity: MEDIUM
Confidentiality: None
Integrity: Low
Availability: None
Attack Vector: Local
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
