CVE-2025-5918 LOW

CVE-2025-5918: Libarchive: reading past eof may be triggered for piped file streams

Vendor Red Hat
Product Red Hat Enterprise Linux 10
Weakness CWE-125
Published June 9, 2025
Last update January 8, 2026

CVSS base score

3.9/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L

What the vulnerability does

01 Description

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

Key dates

02 Disclosure timeline

June 9, 2025 CVE published
January 8, 2026 Record updated