High Severity Vulnerability

This vulnerability has been rated as High severity. Immediate action is recommended.

CVE-2025-4435

Severity: High
CVSS Score: 7.5
Published: Jun 03, 2025
Last Modified: Jun 04, 2025

Vulnerability Description

When a TarFile is opened with errorlevel=0 and extraction uses a filter (for example filter='data'), the documented behaviour is that any member rejected by the filter is skipped and never written to disk. In affected versions of Python's tarfile module the member is still extracted: with errorlevel=0 the filter's error is only logged, and the unfiltered member goes on to be extracted as if no filter had been applied. Because the extraction filters exist to block unsafe members (for example names that resolve outside the destination directory), an archive can write files the filter was meant to stop, which is why the score carries Integrity: High with no confidentiality or availability impact.

CVSS Metrics

Common Vulnerability Scoring System

Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector: Network (N)
Attack Complexity: Low (L)
Privileges Required: None (N)
User Interaction: None (N)
Scope: Unchanged (U)
Confidentiality: None (N)
Integrity: High (H)
Availability: None (N)

Available Security Patches

4 patches available from vendors

Oracle - CPUAPR2026: Oracle Critical Patch Update Advisory - April 2026
Severity: Critical (rating of the whole Critical Patch Update, not of this CVE)
Released: Apr 21, 2026
Type: Security Update

Oracle - CPUOCT2025: Oracle Critical Patch Update Advisory - October 2025
Severity: Critical (rating of the whole Critical Patch Update, not of this CVE)
Released: Oct 21, 2025
Type: Security Update

Microsoft - 2025-Jun-CVE-2025-4435: CVE-2025-4435: Tarfile extracts filtered members when errorlevel=0
Severity: Unknown
Released: Sep 04, 2025
Type: Security Update

SUSE - CVE-2025-4435: CVE-2025-4435
Severity: Unknown
Released: Jun 04, 2025
Type: Security Update

Severity Details

CVSS Base Score: 7.5 out of 10.0 (High)

Weakness Type (CWE)

CWE-682: Incorrect Calculation

Description: The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Pillar

Key Information

Published Date
June 03, 2025