Critical severity9.8NVD Advisory· Published Feb 11, 2026· Updated Apr 3, 2026
CVE-2025-69874
CVE-2025-69874
Description
nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nanotarnpm | <= 0.2.0 | — |
Affected products
2Patches
Vulnerability mechanics
References
4- github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69874-nanotar-Path-Traversal.mdnvdExploitThird Party AdvisoryWEB
- github.com/advisories/GHSA-92fh-27vv-894wghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2025-69874ghsaADVISORY
- www.npmjs.com/package/nanotarnvdProductWEB
News mentions
0No linked articles in our index yet.