CVE-2025-5918

MEDIUM EPSS 25.1%
Published Jun 9, 20251y ago · Modified Jun 17, 20261w ago
6.6 CVSS 3.1
Medium
Find Similar
Published Jun 9, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

CVSS Details

Base Score
6.6
Exploitability
1.3
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
25.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-125 Out-of-bounds Read Memory Safety

Affected Products 6

VendorProductVersionRange
libarchivelibarchive* <3.8.0
redhatopenshift_container_platform4.0any
redhatenterprise_linux6.0any
redhatenterprise_linux7.0any
redhatenterprise_linux8.0any
redhatenterprise_linux9.0any

References 4

  • access.redhat.com https://access.redhat.com/security/cve/CVE-2025-5918
    Vendor Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2370877
    Issue Tracking
  • github.com https://github.com/libarchive/libarchive/pull/2584
    Patch
  • github.com https://github.com/libarchive/libarchive/releases/tag/v3.8.0
    Release Notes

Remediation

  • github.com https://github.com/libarchive/libarchive/pull/2584
    Patch