GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains — CVE-2025-45582

MSRC · Microsoft · CVE-2025-45582

ID
CVE-2025-45582

Date
2025-07-11

Updated
2025-08-18

Activity
2025-08-18

Source
MSRC

Vendor
Microsoft

Threat
medium

CVSS
4.1

Summary

CVE-2025-45582 is a advisory from MSRC. GNU Tar through 1.35 allows file overwrite via directory traversal in crafted TAR archives, with a certain two-step process. First, the victim must extract an archive that contains Vendor: Microsoft. Severity/Threat: medium. Source updated on 2025-08-18.

What to do

General, cautious steps (verify details in the official source):

Review exposure and plan remediation based on risk and environment.
Identify affected product versions in your inventory and verify whether you are impacted.
Apply vendor patches/updates or recommended mitigations as soon as available.
Read the official advisory for exact affected versions and remediation steps.