CVE-2025-69874

ADVISORY - github

Summary

nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.

EPSS Score⁠: 0.00173 (0.386)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

ADVISORY - github

CWE-22⁠

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Impacted images

Advisories

NIST

CREATED

4 days ago

UPDATED

3 days ago

ADVISORY IDCVE-2025-69874⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-22⁠

CVSS SCORE

9.8critical

GitHub

CREATED

4 days ago

UPDATED

4 days ago

ADVISORY IDGHSA-92fh-27vv-894w⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-22⁠

CVSS SCORE

6.9medium