CVE-2025-5918

Name: CVE-2025-5918 — Vulnerability Record
Brand: Quanteta Data Lab
SKU: CVE-2025-5918

LOW

CVSS v3.1: 3.9 · EPSS: 0.0033 (25.0 percentile)

Out-of-bounds ReadVendor advisory ref

Source data as of: 2026-06-26 05:02:17 UTC

At a glance

Severity: LOW
CVSS: 3.9 v3.1 · NVD
EPSS: 0.0033 (25.0 percentile) · FIRST.org
CISA KEV: No
Type: Out-of-bounds Read · NVD CWE
Attack conditions (CVSS vector): · Source: NVD Vector
Affected vendors: libarchive, redhat
Published: 2025-06-09 · Modified: 2026-06-25
References: Jump to references (4)

CVSS / EPSS / KEV

CVSS v3.1 3.9 / 10 LOW Source: NVD

EPSS 0.0033 25.0 percentile Source: FIRST.org

CISA KEV No Source: CISA

Source — CVSS: NVD · EPSS: FIRST.org · KEV: CISA. Data & Sources

Description

A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.

Record details

CVE ID: CVE-2025-5918
CVSS (v3.1): 3.9 (LOW)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L
Exploitability subscore: 1.3
Impact subscore: 2.5
EPSS: 0.0033 (25.0 percentile) — 2026-06-26
CISA KEV: No
Weakness (CWE): CWE-125
Affected vendors: libarchive, redhat
Affected configurations (CPE): 6
Published: 2025-06-09
Modified: 2026-06-25
Status: Analyzed

References

Reference URLs as listed by NVD, grouped by a mechanical match on the link's host/pattern. Labels describe the link type only.

← Back to all records

CVE-2025-5918

At a glance

CVSS / EPSS / KEV

Description

Record details

References

Related records

Same affected vendor

Same weakness type (CWE)

Published the same year