CVE-2025-1632

CVSS 2.0 Score 1.7 of 10 (low)

Details

Published Feb 24, 2025

CWE ID 404

CWE ID 476

Summary

CVE-2025-1632 is a newly disclosed vulnerability in libarchive versions up to 3.7.7. This issue, classified as problematic, resides in the bsdunzip.c file's list function. An attacker can exploit this vulnerability to cause a null pointer dereference, potentially leading to local host compromise. The exploit has already been made public, increasing the risk of potential attacks. Sadly, the vendor has not responded to earlier disclosure notifications.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Libarchive

Affected Vendors

Libarchive

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/3qjalv
https://www.cve.org/CVERecord?id=CVE-2025-1632
https://nvd.nist.gov/vuln/detail/CVE-2025-1632

Back to Vulnerability Database