CVE-2025-46394
CWE-451Published: April 23, 2025· Updated: Jun 17, 2026
Official Description
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
Technical Analysis
CVE-2025-46394 requires local access, meaning attackers must already have a foothold on the target system.
Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.
CVSS v3.1 Vector Breakdown
Affected Vendors & Products
Exploit & PoC Resources
News & Research Mentioning CVE-2025-46394
View CSAF Summary SINEC OS before V4.0 contains multiple vulnerabilities. Siemens has released a new version for RUGGEDCOM RST2428P and recommends to update to the latest version. The following versions of Siemens SINEC OS are affected: RUGGEDCOM RST2428P (6GK6242-6PA00) vers:intdot/ cork. syzbot reported the splat below. [0] The repro does the following: 1. Load a sk_msg prog that calls bpf_msg_cork_bytes(msg, cork_bytes) 2. Attach the prog to a SOCKMAP 3. Add a socket to the SOCKMAP 4. Activate fault injection 5. Send data less than cork_bytes At 5., the data is carried over to the next sendmsg() as it is smaller than the cork_bytes specified by bpf_msg_cork_bytes(). Then, tcp_bpf_send_verdict() tries to allocate psock->cork to hold the data, but t [xlite_meta score:73 src:CISA Alerts xlite_fp:c21152d4d475a8e030213da473dfe64f022ad052db21f63751c61a376d2d7ec4]
All References (6)
Quick Facts
Related CVEs (CWE-451)
Recommended Actions
- →Apply vendor patches immediately
- →Monitor CVE-2025-46394 in threat intel feeds
- →Review IDS/IPS signatures for exploitation attempts