CVE-2025-5918
6.6
MEDIUM
CVSS 3.1
EPSS 0.11%
Description
A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.
How to fix CVE-2025-5918
To remediate CVE-2025-5918, upgrade the affected package to a fixed version below.
- —upgrade to 3.4.3-2+deb11u3 or later
Is CVE-2025-5918 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.4.3-2+deb11u3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.6 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H |