CVE-2025-5918

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
3.9 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
redhatCNA
3.9 LOW
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
libarchivelibarchive
𝑥
< 3.8.0
redhatopenshift_container_platform
4.0
redhatenterprise_linux
6.0
redhatenterprise_linux
7.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
libarchive
bullseye
postponed
trixie
no-dsa
bookworm
no-dsa
bullseye (security)
vulnerable
bookworm (security)
vulnerable
forky
vulnerable
sid
vulnerable
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2025-5918
https://bugzilla.redhat.com/show_bug.cgi?id=2370877
https://github.com/libarchive/libarchive/pull/2584
https://github.com/libarchive/libarchive/releases/tag/v3.8.0