CVE-2025-69874
Status: Awaiting Analysis - Queue
Path Traversal in nanotar Allows Arbitrary File Write

Publication date: 2026-02-11

Last updated on: 2026-04-03

Assigner: MITRE

Description
nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing a path traversal sequence.
Meta Information
Published: 2026-02-11
Last Modified: 2026-04-03
Generated: 2026-05-07
AI Q&A: 2026-02-11
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Showing 1 associated CPE
Vendor: unjs
Product: nanotar
Version / Range: through 0.2.0 (inclusive)
CWE-22: The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?

Immediate mitigation steps include:

  • Avoid using nanotar versions up to 0.2.0 for extracting untrusted tar archives.
  • Update nanotar to a version where this vulnerability is fixed, if available.
  • Validate and sanitize tar archive contents before extraction to prevent path traversal sequences.
  • Extract tar archives in isolated or sandboxed environments to limit potential damage.

Can you explain this vulnerability to me?

The vulnerability in nanotar versions up to 0.2.0 is a path traversal issue found in the functions parseTar() and parseTarGzip().

This flaw allows remote attackers to craft a malicious tar archive containing path traversal sequences that can cause files to be written outside the intended extraction directory.

In other words, when extracting files from a tar archive, an attacker can manipulate the file paths to escape the target folder and place files anywhere on the system where the process has write permissions.


How can this vulnerability impact me?

This vulnerability can have serious impacts because it allows an attacker to write arbitrary files to locations outside the intended extraction directory.

Potential impacts include overwriting critical system files, placing malicious executables or scripts, or modifying configuration files, which can lead to system compromise, data corruption, or unauthorized code execution.

The severity depends on the permissions of the process performing the extraction and the environment in which nanotar is used.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability involves a path traversal issue in nanotar versions through 0.2.0 when extracting tar archives. Detection involves identifying if nanotar is used in your environment and if it processes tar archives that could contain malicious path traversal sequences.

To detect exploitation attempts, you can monitor for unusual file writes outside expected extraction directories, especially files with paths containing '../' sequences.

Suggested commands include scanning tar archives for suspicious path traversal entries before extraction. For example, using the tar command to list archive contents and check for suspicious paths:

  • tar -tf suspicious-archive.tar | grep '\.\./'

Additionally, monitoring file system changes outside expected directories during extraction can help detect exploitation.

