Low severity3.2NVD Advisory· Published Apr 23, 2025· Updated Jun 2, 2026
CVE-2025-46394
CVE-2025-46394
Description
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
27- osv-coords23 versionspkg:apk/chainguard/busyboxpkg:apk/chainguard/busybox-fullpkg:apk/wolfi/busyboxpkg:apk/wolfi/busybox-fullpkg:rpm/opensuse/busybox&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/busybox&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/busybox&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/busybox-links&distro=openSUSE%20Leap%2015.6pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/busybox&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 1.37.0-r50+ 22 more
- (no CPE)range: < 1.37.0-r50
- (no CPE)range: < 1.37.0-r50
- (no CPE)range: < 1.37.0-r50
- (no CPE)range: < 1.37.0-r50
- (no CPE)range: < 1.37.0-150500.10.14.1
- (no CPE)range: < 1.37.0-160000.4.1
- (no CPE)range: < 1.37.0-8.1
- (no CPE)range: < 1.37.0-150500.7.9.1
- (no CPE)range: < 1.35.0-150400.3.14.1
- (no CPE)range: < 1.35.0-150400.3.14.1
- (no CPE)range: < 1.37.0-150500.10.14.1
- (no CPE)range: < 1.37.0-150500.10.14.1
- (no CPE)range: < 1.37.0-150700.18.10.1
- (no CPE)range: < 1.35.0-10.3.1
- (no CPE)range: < 1.35.0-150400.3.14.1
- (no CPE)range: < 1.37.0-150500.10.14.1
- (no CPE)range: < 1.37.0-150500.10.14.1
- (no CPE)range: < 1.37.0-160000.4.1
- (no CPE)range: < 1.35.0-150400.3.14.1
- (no CPE)range: < 1.37.0-150500.10.14.1
- (no CPE)range: < 1.37.0-150500.10.14.1
- (no CPE)range: < 1.37.0-160000.4.1
- (no CPE)range: < 1.35.0-10.3.1
Patches
Vulnerability mechanics
References
6- www.openwall.com/lists/oss-security/2025/04/23/5nvdMailing List
- www.openwall.com/lists/oss-security/2025/04/24/3nvdMailing List
- bugs.busybox.net/show_bug.cginvdIssue Tracking
- www.busybox.netnvdProduct
- www.busybox.net/downloads/nvdProduct
- cert-portal.siemens.com/productcert/html/ssa-253495.htmlnvd
News mentions
0No linked articles in our index yet.