HOMEVULNERABILITIESCVE-2025-46394
LOW

CVE-2025-46394

CWE-451Published: April 23, 2025· Updated: Jun 17, 2026

3.3
CVSS v3.1

Official Description

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.

NVD Source

Technical Analysis

CVE-2025-46394 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityLow
Privileges Req.Low
User InteractionNone
ScopeUnchanged
Impact
ConfidentialityNone
IntegrityLow
AvailabilityNone
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Vendors & Products

busybox1 product(s)
busybox
Source: NVD CPE · 1 total CPE entries

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

News & Research Mentioning CVE-2025-46394

Siemens SINEC OS
CISA Alerts· Jul 7, 2026

View CSAF Summary SINEC OS before V4.0 contains multiple vulnerabilities. Siemens has released a new version for RUGGEDCOM RST2428P and recommends to update to the latest version. The following versions of Siemens SINEC OS are affected: RUGGEDCOM RST2428P (6GK6242-6PA00) vers:intdot/ cork. syzbot reported the splat below. [0] The repro does the following: 1. Load a sk_msg prog that calls bpf_msg_cork_bytes(msg, cork_bytes) 2. Attach the prog to a SOCKMAP 3. Add a socket to the SOCKMAP 4. Activate fault injection 5. Send data less than cork_bytes At 5., the data is carried over to the next sendmsg() as it is smaller than the cork_bytes specified by bpf_msg_cork_bytes(). Then, tcp_bpf_send_verdict() tries to allocate psock->cork to hold the data, but t [xlite_meta score:73 src:CISA Alerts xlite_fp:c21152d4d475a8e030213da473dfe64f022ad052db21f63751c61a376d2d7ec4]

All References (6)

Quick Facts

CVE IDCVE-2025-46394
CVSS Score3.3 / 10
SeverityLOW
WeaknessCWE-451
CISA KEVNo
Affected1 vendor(s)
PublishedApr 23, 2025

Related CVEs (CWE-451)

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2025-46394 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.