CVE-2025-4435 – TarFile Errorlevel Extraction Vulnerability

CVE ID : CVE-2025-4435

Published : June 3, 2025, 1:15 p.m. | 1 hour, 14 minutes ago

Description : When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorlevel = 0 in affected versions is that the member would still be extracted and not skipped.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…