CVE-2025-46394

CVE-2025-46394

CVSS 3.2 LOWEPSS 0.1%CWE-451

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

Productos afectados

BusyBox · BusyBox

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://bugs.busybox.net/show_bug.cgi?id=16018 https://cert-portal.siemens.com/productcert/html/ssa-253495.html https://www.busybox.net https://www.busybox.net/downloads/http://www.openwall.com/lists/oss-security/2025/04/23/5 http://www.openwall.com/lists/oss-security/2025/04/24/3