← back
CVE-2025-46394

CVE-2025-46394

CVSS 3.2 LOWEPSS 0.1%CWE-451
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N
Affected products
BusyBox · BusyBox

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://bugs.busybox.net/show_bug.cgi?id=16018https://cert-portal.siemens.com/productcert/html/ssa-253495.htmlhttps://www.busybox.nethttps://www.busybox.net/downloads/http://www.openwall.com/lists/oss-security/2025/04/23/5http://www.openwall.com/lists/oss-security/2025/04/24/3