CVE-2025-46394

Summary

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.

Affected Software

VendorProductVersion RangeStatus
BusyBoxBusyBox0 <= 1.37.0affected

Weaknesses

  • CWE-451: CWE-451 User Interface (UI) Misrepresentation of Critical Information

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

Additional References

References