
TARmageddon (CVE-2025-62518): Critical RCE Vulnerability in Rust async-tar and tokio-tar Libraries Threatens Software Supply Chains

  • Rescana
  • 2 days ago
  • 5 min read

Executive Summary

A critical remote code execution (RCE) vulnerability, known as TARmageddon (CVE-2025-62518), has been identified in the widely used Rust async-tar library and its derivatives, most notably tokio-tar. This flaw enables attackers to inject additional files during TAR archive extraction, leading to file overwrites, supply chain attacks, and the circumvention of security controls. With a CVSS score of 8.1 (High), the vulnerability poses a significant risk to organizations leveraging affected libraries in their software supply chains, CI/CD pipelines, and containerized environments. Major projects impacted include uv (Astral’s Python package manager), testcontainers, and wasmCloud. Immediate remediation is required due to the public availability of technical details and proof-of-concept exploits.

Technical Information

The TARmageddon vulnerability arises from a desynchronization bug in the TAR parser’s handling of PAX and ustar headers within the async-tar and tokio-tar libraries. In the TAR format, a file entry can be described by both a PAX header (which can override standard fields) and a ustar header. The vulnerability is triggered when a malicious TAR archive is crafted such that the PAX header specifies a non-zero file size (e.g., 1MB), while the ustar header incorrectly specifies a zero size. The vulnerable parser advances the read position based on the ustar size (0 bytes), not the actual PAX size, causing it to misinterpret the file data as new TAR headers. This allows an attacker to "smuggle" additional files into the extraction process, which are not visible in the manifest or bill of materials (BOM) and can overwrite critical files in the target directory.

The technical impact is profound. Attackers can overwrite configuration files, introduce malicious executables, or bypass security scanning mechanisms that only inspect the outer TAR structure. This flaw is especially dangerous in automated build systems, CI/CD pipelines, and environments where TAR extraction is performed on untrusted archives, such as package managers and container orchestration platforms.

The vulnerability is tracked as CVE-2025-62518 and is classified under CWE-843: Access of Resource Using Incompatible Type ('Type Confusion'). The affected libraries include the original async-tar, the now-abandoned tokio-tar, the archived krata-tokio-tar, and all versions of astral-tokio-tar prior to 0.5.6. The standard synchronous tar crate is not affected.

Exploitation scenarios include Python build backend hijacking, where a malicious package on PyPI can overwrite pyproject.toml during installation, leading to RCE on developer or CI systems. In container environments, malicious image layers can introduce unexpected files, compromising test environments. Security scanners that only analyze the outer TAR may miss hidden files injected via this flaw, enabling attackers to bypass approval processes.

Exploitation in the Wild

As of the time of this advisory, there are no confirmed reports of active exploitation of TARmageddon in the wild. However, the vulnerability is considered highly exploitable due to its low complexity and the ubiquity of the affected libraries in supply chain contexts. The responsible disclosure process was coordinated by the Edera team, but with the public release of technical details and proof-of-concept code, the risk of exploitation is expected to rise rapidly. Organizations should assume that threat actors will begin weaponizing this flaw in the near future, particularly in automated build and deployment environments.

APT Groups using this vulnerability

There is currently no public attribution of TARmageddon exploitation to any specific advanced persistent threat (APT) groups. Open-source threat intelligence, MITRE ATT&CK, and NVD sources do not indicate active targeting by known APTs as of this report. Nevertheless, the characteristics of the vulnerability—its impact on software supply chains, CI/CD pipelines, and containerized environments—make it an attractive target for supply chain-focused APTs and sophisticated cybercriminals. The lack of attribution should not be interpreted as a lack of risk; rather, it underscores the urgency of proactive mitigation before exploitation becomes widespread.

Affected Product Versions

The following products and versions are confirmed to be affected by TARmageddon:

The astral-tokio-tar library is affected in all versions prior to 0.5.6, including v0.5.0, v0.5.1, v0.5.2, v0.5.3, v0.5.4, v0.5.5, all 0.x versions before 0.5.6, v5.0.0, and all 5.x versions prior to the patch. Specific affected commits include 9b5e692, b1e6022, ba2b140, c06006a, and efeaea9.

The tokio-tar library is affected in all released versions, with no official patch available due to the project’s abandoned status. Users of tokio-tar must migrate to a maintained fork, such as astral-tokio-tar v0.5.6 or later.

The krata-tokio-tar library is affected in all versions and is archived. Users should migrate to astral-tokio-tar v0.5.6 or a maintained alternative.

The original async-tar library is affected in all versions prior to the maintainer’s patch. Users must verify their version and apply the patch or migrate to a maintained fork.

Major downstream projects impacted include uv (Astral’s Python package manager), testcontainers (container testing framework), wasmCloud (cloud-native WebAssembly platform), and other projects such as binstalk-downloader, liboxen, and opa-wasm. The full extent of the impact is unknown due to the widespread use of tokio-tar and its forks in the Rust ecosystem.

Workaround and Mitigation

There is no viable workaround for unpatched versions of the affected libraries. Immediate action is required to mitigate the risk posed by TARmageddon. Organizations should upgrade to astral-tokio-tar v0.5.6 or later, which includes a comprehensive patch that prioritizes the PAX header size over the ustar header size, validates header consistency, and enforces strict boundary checking to prevent header/data confusion. The patch is available at the official Astral tokio-tar repository.

For users of the abandoned tokio-tar or archived krata-tokio-tar, migration to astral-tokio-tar or another actively maintained fork is mandatory. The standard synchronous tar crate is not affected and can be used as a temporary replacement if migration is not immediately feasible.

Additional mitigation strategies include auditing all dependencies for usage of tokio-tar or its forks, validating extracted file counts against expected manifests, performing post-extraction directory scans to detect unexpected files, using extraction sandboxes with file count and size limits, and disabling file overwriting during extraction where possible.

Organizations should also monitor for indicators of compromise, such as malicious TAR archives with mismatched PAX and ustar header sizes, unexpected or duplicate files after extraction, and overwritten configuration files like pyproject.toml following package installation or container extraction.
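As an added example (not code from this advisory, Edera, or Astral), the following Python scanner walks a TAR archive, advances by the PAX size record rather than the ustar size field as the patched parser does, and reports the mismatched-size indicator described above; the archive bytes and file names are constructed for the demonstration.

```python
# Added example: scanner for the PAX/ustar size desync behind TARmageddon.
BLOCK = 512

def ustar_header(name: str, size: int, typeflag: bytes = b"0") -> bytes:
    hdr = bytearray(BLOCK)
    hdr[:len(name)] = name.encode()
    hdr[100:108] = b"0000644\0"            # mode
    hdr[124:136] = b"%011o\0" % size       # ustar size field (octal ASCII)
    hdr[156:157] = typeflag                # b"0" file, b"x" PAX extended header
    hdr[257:265] = b"ustar\x0000"
    # checksum: sum of all header bytes with the checksum field read as spaces
    hdr[148:156] = b"%06o\0 " % (sum(hdr) + 8 * 0x20)
    return bytes(hdr)

def pax_size_record(size: int) -> bytes:
    # PAX record "<len> size=<n>\n"; <len> counts itself, so solve for it
    body = f" size={size}\n".encode()
    length = len(body) + 1
    while len(str(length)) + len(body) != length:
        length += 1
    return str(length).encode() + body

def scan(archive: bytes):
    """Walk headers, advancing by the PAX size when one is present (the patched
    behaviour); return (entry names, findings) for every PAX/ustar mismatch."""
    entries, findings, pax, pos = [], [], {}, 0
    while pos + BLOCK <= len(archive):
        hdr = archive[pos:pos + BLOCK]
        if hdr == bytes(BLOCK):            # end-of-archive marker
            break
        name = hdr[:100].rstrip(b"\0").decode()
        size = ustar_size = int(hdr[124:136].rstrip(b"\0 ") or b"0", 8)
        if hdr[156:157] == b"x":           # PAX header: records apply to next entry
            for rec in archive[pos + BLOCK:pos + BLOCK + size].decode().split("\n"):
                if rec:
                    key, value = rec.split(" ", 1)[1].split("=", 1)
                    pax[key] = value
        else:
            size = int(pax.pop("size", ustar_size))
            if size != ustar_size:
                findings.append(f"{name}: PAX size {size} != ustar size {ustar_size}")
            entries.append(name)
            pax = {}
        pos += BLOCK + (size + BLOCK - 1) // BLOCK * BLOCK
    return entries, findings

# Constructed sample: PAX says 1024 bytes, ustar says 0, then 1024 data bytes
# that a parser trusting the ustar field would read as the next header.
pax = pax_size_record(1024)
DESYNC = (ustar_header("PaxHeaders/config.toml", len(pax), b"x") + pax + bytes(-len(pax) % BLOCK)
          + ustar_header("config.toml", 0) + b"A" * 1024 + bytes(2 * BLOCK))
CLEAN = ustar_header("notes.txt", 5) + b"hello" + bytes(507) + bytes(2 * BLOCK)
```

Running `scan(DESYNC)` yields one entry and one finding, while `scan(CLEAN)` yields one entry and no findings.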

References

  • Edera Technical Write-up: https://edera.dev/stories/tarmageddon
  • NVD CVE-2025-62518: https://nvd.nist.gov/vuln/detail/CVE-2025-62518
  • Astral tokio-tar Security Advisory: https://github.com/astral-sh/tokio-tar/security/advisories/GHSA-j5gw-2vrg-8fgx
  • uv Security Advisory: https://github.com/astral-sh/uv/security/advisories/GHSA-w476-p2h3-79g9
  • Patch commit: https://github.com/astral-sh/tokio-tar/commit/22b3f884adb7a2adf1d3a8d03469533f5cbc8318
  • Edera PoC and patches: https://github.com/edera-dev/cve-tarmageddon

Rescana is here for you

At Rescana, we understand the critical importance of supply chain security and the challenges organizations face in managing third-party risk. Our TPRM platform empowers you to continuously monitor, assess, and mitigate risks across your software supply chain, providing actionable insights and automated workflows to strengthen your security posture. If you have any questions about this advisory or need assistance with incident response, our team is ready to help at ops@rescana.com.