CVE-2025-48387
ADVISORY - githubSummary
Impact
v3.0.8, v2.1.2, v1.16.4 and below
Patches
Has been patched in 3.0.9, 2.1.3, and 1.16.5
Workarounds
You can use the ignore option to ignore non files/directories.
ignore (_, header) {
// pass files & directories, ignore e.g. symlinks
return header.type !== 'file' && header.type !== 'directory'
}
Credit
Thank you Caleb Brown from Google Open Source Security Team for reporting this in detail.
EPSS Score: 0.00134 (0.340)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADVISORY - github
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
ADVISORY - gitlab
ADVISORY - redhat
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
NIST
CREATED
UPDATED
ADVISORY IDCVE-2025-48387
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
8.7highGitHub
CREATED
UPDATED
ADVISORY IDGHSA-8cj5-5rvv-wf4v
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
8.7highDebian
CREATED
UPDATED
ADVISORY IDCVE-2025-48387
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Ubuntu
CREATED
UPDATED
ADVISORY IDCVE-2025-48387
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
CVSS SCORE
N/AmediumRed Hat
CREATED
UPDATED
ADVISORY IDCVE-2025-48387
EXPLOITABILITY SCORE
3.9
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
7.3highChainguard
CREATED
UPDATED
ADVISORY ID
CGA-55w6-xh69-4x9r
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-cxg8-c7qw-wchh
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-pf8m-56wg-hmgj
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-rgrf-56cm-grr5
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-rwrq-vpx6-923w
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
Chainguard
CREATED
UPDATED
ADVISORY ID
CGA-xh6r-mq5h-82fj
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-