Medium severityOSV Advisory· Published Nov 7, 2025· Updated Apr 15, 2026
CVE-2025-64346
CVE-2025-64346
Description
archives is a Go library for extracting archives (tar, zip, etc.). Version 1.0.0 does not prevent a malicious user to feed a specially crafted archive to the library causing RCE, modification of files or other malignancies in the context of whatever the user is running this library as, through the program that imports it. Severity depends on user permissions, environment and how arbitrary archives are passed. This issue is fixed in version 1.0.1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
github.com/jaredallard/archivesGo | < 1.0.1 | 1.0.1 |
Affected products
2- Range: v1.0.0
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.