CVE-2025-69874

9.8 CRITICAL

📋 TL;DR

CVE-2025-69874 is a critical path traversal vulnerability in nanotar that allows attackers to write arbitrary files outside the intended extraction directory via crafted tar archives. This affects all applications using nanotar versions through 0.2.0 for tar archive parsing. Attackers can potentially overwrite system files or deploy malicious payloads.

💻 Affected Systems

Products:
  • nanotar
Versions: through 0.2.0
Operating Systems: all
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using nanotar's parseTar() or parseTarGzip() functions with user-controlled tar archives is vulnerable.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution via overwriting critical system files or configuration files, leading to complete system compromise.

🟠 Likely Case: File system corruption, data loss, or deployment of backdoors/malware in web application contexts.

🟢 If Mitigated: Limited to directory traversal within the application's file system permissions, potentially causing data integrity issues.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only a crafted tar archive with path traversal sequences (e.g., '../../etc/passwd').

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 0.2.1 or later

Vendor Advisory: https://github.com/unjs/nanotar

Restart Required: No

Instructions:

1. Update nanotar package: npm update nanotar
2. Verify version is 0.2.1 or higher: npm list nanotar
3. Test tar parsing functionality after update.

🔧 Temporary Workarounds

Input validation and sanitization (all platforms)

Validate and sanitize tar archive paths before processing to prevent traversal sequences.

Chroot/jail extraction (all platforms)

Extract tar archives in a chrooted or jailed environment with restricted file system access.

🧯 If You Can't Patch

  • Disable tar archive processing from untrusted sources
  • Implement strict file system permissions and monitor for unauthorized file writes

🔍 How to Verify

Check if Vulnerable:

Check package.json or run: npm list nanotar | grep nanotar

Check Version:

npm list nanotar | grep nanotar

Verify Fix Applied:

Confirm nanotar version is 0.2.1 or higher: npm list nanotar

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file write operations outside expected directories
  • Failed file write attempts with traversal patterns

Network Indicators:

  • Inbound tar archive uploads to vulnerable endpoints

SIEM Query:

file_write AND (path:"../" OR path:"..\\") AND process_name:"node"

🔗 References
