CVE-2025-69874
Awaiting Analysis Awaiting Analysis - Queue
Path Traversal in nanotar Allows Arbitrary File Write

Publication date: 2026-02-11

Last updated on: 2026-04-03

Assigner: MITRE

Description
nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-11
Last Modified
2026-04-03
Generated
2026-06-16
AI Q&A
2026-02-11
EPSS Evaluated
2026-06-14
NVD
CVE-2025-69874
EUVD
EUVD-2025-207397
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
unjs nanotar to 0.2.0 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

Immediate mitigation steps include:

  • Avoid using nanotar versions up to 0.2.0 for extracting untrusted tar archives.
  • Update nanotar to a version where this vulnerability is fixed, if available.
  • Validate and sanitize tar archive contents before extraction to prevent path traversal sequences.
  • Extract tar archives in isolated or sandboxed environments to limit potential damage.
Executive Summary

The vulnerability in nanotar versions up to 0.2.0 is a path traversal issue found in the functions parseTar() and parseTarGzip().

This flaw allows remote attackers to craft a malicious tar archive containing path traversal sequences that can cause files to be written outside the intended extraction directory.

In other words, when extracting files from a tar archive, an attacker can manipulate the file paths to escape the target folder and place files anywhere on the system where the process has write permissions.

Impact Analysis

This vulnerability can have serious impacts because it allows an attacker to write arbitrary files to locations outside the intended extraction directory.

Potential impacts include overwriting critical system files, placing malicious executables or scripts, or modifying configuration files, which can lead to system compromise, data corruption, or unauthorized code execution.

The severity depends on the permissions of the process performing the extraction and the environment in which nanotar is used.

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves a path traversal issue in nanotar versions through 0.2.0 when extracting tar archives. Detection involves identifying if nanotar is used in your environment and if it processes tar archives that could contain malicious path traversal sequences.'}, {'type': 'paragraph', 'content': "To detect exploitation attempts, you can monitor for unusual file writes outside expected extraction directories, especially files with paths containing '../' sequences."}, {'type': 'paragraph', 'content': 'Suggested commands include scanning tar archives for suspicious path traversal entries before extraction. For example, using the tar command to list archive contents and check for suspicious paths:'}, {'type': 'list_item', 'content': "tar -tf suspicious-archive.tar | grep '\\.\\./'"}, {'type': 'paragraph', 'content': 'Additionally, monitoring file system changes outside expected directories during extraction can help detect exploitation.'}] [2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-69874. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart