CVE-2025-25724 MEDIUM


Vendor Libarchive
Product libarchive
Weakness CWE-252
Published March 2, 2025
Last update March 4, 2025

CVSS base score

4.0/10
Attack vector Local
Attack complexity High
Privileges required None
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

What the vulnerability does

01 Description

list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale.
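The unchecked-return pattern described above, next to a checked form, as an added example that is not libarchive's code or its fix. The helper name `format_time_checked`, the format string, the 8-byte buffer and the `"?"` fallback are assumptions made for illustration; only the 100-byte size comes from the description.

```c
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper (not libarchive code): format t into buf and never
 * leave buf in an indeterminate state. Returns the byte count reported by
 * strftime, or 0 if the result did not fit and a fallback was stored.
 * Assumes fmt cannot legitimately expand to an empty string. */
static size_t format_time_checked(char *buf, size_t buflen,
                                  const char *fmt, time_t t)
{
    struct tm *tm;
    size_t n;

    if (buflen == 0)
        return 0;
    tm = gmtime(&t);            /* UTC keeps the sample deterministic */
    n = (tm != NULL) ? strftime(buf, buflen, fmt, tm) : 0;
    if (n == 0) {
        /* Per the C standard, when strftime returns 0 the array contents
         * are indeterminate: buf may be unterminated. Using it as a string
         * here is the CWE-252 mistake, so overwrite it with a known,
         * terminated value instead. */
        snprintf(buf, buflen, "%s", "?");
    }
    return n;
}

int main(void)
{
    const char *fmt = "%Y-%m-%d %H:%M";   /* constructed sample format */
    char big[100];                        /* size named in the description */
    char small[8];                        /* constructed: too small on purpose */
    size_t n;

    n = format_time_checked(big, sizeof big, fmt, (time_t)0);
    printf("100-byte buffer: n=%zu \"%s\"\n", n, big);

    n = format_time_checked(small, sizeof small, fmt, (time_t)0);
    printf("8-byte buffer:   n=%zu \"%s\"\n", n, small);
    return 0;
}
```

A locale whose month or day names expand past the buffer size hits the same `n == 0` branch as the undersized buffer here.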

Key dates

02 Disclosure timeline

March 2, 2025 CVE published
March 4, 2025 Record updated