Remote Code Execution Vulnerability in Archives Go Library by Jared Allard
CVE-2025-64346

6 MEDIUM

Key Information:

Status
Vendor
CVE Published: 7 November 2025

What is CVE-2025-64346?

The Archives Go library, which extracts archive formats such as tar and zip, contains a vulnerability in version 1.0.0 that can be exploited with specially crafted archives. The flaw can lead to remote code execution and unauthorized file modifications in the environment where the library is used. The impact depends largely on the permissions of the user running the extraction and on the execution context, including how the library is integrated into an application. The issue is resolved in version 1.0.1, which mitigates the risks associated with arbitrary archive manipulation.

Affected Version(s)

archives < 1.0.1

CVSS V4

Score: 6
Severity: MEDIUM
Confidentiality: None
Integrity: High
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Attack Required: Physical
Privileges Required: Undefined
User Interaction: None

Timeline

  • Vulnerability published

  • Vulnerability Reserved
