{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-09T15:43:56.771","vulnerabilities":[{"cve":{"id":"CVE-2025-25724","sourceIdentifier":"cve@mitre.org","published":"2025-03-02T02:15:36.603","lastModified":"2025-07-17T15:56:36.083","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale."},{"lang":"es","value":"list_item_verbose en tar/util.c en libarchive hasta 3.7.7 no verifica un valor de retorno de strftime, lo que puede provocar una denegación de servicio u otro impacto no especificado a través de un archivo TAR manipulado que se lee con un valor verbose de 2. Por ejemplo, el búfer de 100 bytes puede no ser suficiente para una configuración regional personalizada."}],"metrics":{"cvssMetricV31":[{"source":"cve@mitre.org","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L","baseScore":4.0,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"HIGH","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.4,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"cve@mitre.org","type":"Secondary","description":[{"lang":"en","value":"CWE-252"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:*","versionEndIncluding":"3.7.7","matchCriteriaId":"BF70A827-B7CB-4155-8FBC-73D52403367C"}]}]}],"references":[{"url":"https://gist.github.com/Ekkosun/a83870ce7f3b7813b9b462a395e8ad92","source":"cve@mitre.org","tags":["Third Party Advisory"]},{"url":"https://github.com/Ekkosun/pocs/blob/main/bsdtarbug","source":"cve@mitre.org","tags":["Exploit"]},{"url":"https://github.com/libarchive/libarchive/blob/b439d586f53911c84be5e380445a8a259e19114c/tar/util.c#L751-L752","source":"cve@mitre.org","tags":["Product"]}]}}]}