Platform: nodejs
Component: tar-fs
Fixed in: 3.1.1, 2.1.4, 1.16.6
CVE-2025-59343 is a directory traversal flaw, specifically a symlink validation bypass, in the tar-fs Node.js package, the component that extracts tar archives onto the filesystem. A crafted archive can cause entries to be written outside the intended extraction directory, which exposes or overwrites data the extracting process can reach. Each release line is affected below its fix: 3.1.0 and earlier, 2.1.3 and earlier, and 1.16.5 and earlier. The fixed releases are 3.1.1, 2.1.4 and 1.16.6.
CVE-2025-59343 affects the tar-fs library and carries a CVSS score of 7.5, which is High severity on the CVSS v3 scale. The vulnerable ranges are per release line: 3.x before 3.1.1 (so 3.1.0 and earlier), 2.x before 2.1.4 (2.1.3 and earlier) and 1.x before 1.16.6 (1.16.5 and earlier). The flaw is in how tar-fs validates link entries (symlinks and hardlinks) during extraction: a crafted archive gets past the symlink check, so a write resolves outside the destination directory instead of inside it. Depending on what the extracting process is allowed to write, that can overwrite configuration or code, so the impact reaches integrity and availability as well as confidentiality. Upgrading to a fixed version is the required mitigation.
Exploitation requires the target to extract an attacker-controlled tarball with tar-fs. The attacker crafts entries, in particular link entries, that slip past the symlink validation so that a subsequent write lands outside the destination directory; the result is a planted or overwritten file rather than an entry confined to the extraction root. What the attacker gains depends on where tar-fs runs and on the permissions of the process doing the extraction. Treat every archive from an untrusted source as hostile, and review or filter its entries before extracting.
Exploit Status
EPSS: 0.03% (8th percentile)
CISA SSVC
The definitive fix is to upgrade to 3.1.1, 2.1.4 or 1.16.6 (or later on the same release line), which contain the patch for CVE-2025-59343. Until that upgrade ships, the advisory's workaround is the `ignore` option of tar-fs's extract(): pass a callback that returns true for every entry whose header type is not 'file' or 'directory', so symlinks, hardlinks and other special entries are skipped instead of being created. This removes the link entries the bypass depends on, at the cost of dropping any legitimate links the archive contains. Apply the workaround now and still complete the upgrade.
Upgrade the tar-fs library to version 3.1.1, 2.1.4 or 1.16.6, or later. This fixes the symlink validation bypass. Alternatively, use the `ignore` option to skip entries that are not plain files or directories.
Each release line is vulnerable below its fix: 3.x before 3.1.1 (including 3.1.0), 2.x before 2.1.4 (including 2.1.3) and 1.x before 1.16.6 (including 1.16.5).
No. The 'ignore' option is a stopgap that drops link entries; the permanent fix is to upgrade to a patched version (3.1.1, 2.1.4 or 1.16.6).
Check which tar-fs version is installed, including copies nested under other dependencies (`npm ls tar-fs` lists them all). Compare against the fix on the same release line: 3.x below 3.1.1, 2.x below 2.1.4 or 1.x below 1.16.6 is vulnerable. A version is not unsafe merely because it is numerically below 3.1.1; 2.1.4 and 1.16.6 are fixed.
An unpatched tar-fs lets anyone who can supply an archive write files outside the extraction directory, which can mean overwritten data, planted code or a compromised host, depending on what the extracting process can reach.
More information on CVE-2025-59343 is available in vulnerability databases such as NVD and the GitHub Advisory Database, and in the tar-fs project's own security advisory.