

TARmageddon (CVE-2025-62518): Critical Supply Chain Vulnerability in async-tar and tokio-tar Rust Libraries

  • Rescana
  • 1 day ago
  • 5 min read

Executive Summary

A high-severity vulnerability, TARmageddon (CVE-2025-62518, CVSS 8.1), has been identified in the widely used Rust library async-tar and its derivatives, most notably the now-abandoned tokio-tar. The flaw lets an attacker "smuggle" additional archive entries past the parser during TAR extraction, which can overwrite files and, depending on what is extracted and where, lead to remote code execution (RCE). The impact is broad: affected consumers include uv (Astral's Python package manager), testcontainers, and wasmCloud. The risk is particularly acute for organizations that extract untrusted archives with these libraries in their software supply chain, CI/CD pipelines, or containerized environments. Immediate remediation is strongly advised to prevent exploitation and mitigate supply chain compromise.

Technical Information

TARmageddon is a desynchronization flaw in the archive-parsing logic, specifically in how the libraries reconcile a PAX extended header with the ustar header that follows it. In the TAR format each entry starts with a 512-byte ustar header whose octal size field tells the reader how many data bytes to skip before the next header. A PAX extended header (typeflag 'x') can precede that header and override fields such as size, for example to express lengths the 12-byte octal field cannot hold. The vulnerability is triggered by an entry whose PAX header specifies a non-zero size (for example, 1 MB) while its ustar header specifies a size of zero. The affected libraries, including async-tar, tokio-tar, krata-tokio-tar, and astral-tokio-tar before 0.5.6, size the entry from the PAX header but advance the stream by the ustar size, that is, by zero bytes, instead of by the actual data length.

This misalignment allows an attacker to place a nested TAR archive as the data of that entry. Because the vulnerable parser never skips that data, the inner archive's headers are parsed as new entries of the outer archive, and the files they describe are "smuggled" into the extraction process, potentially overwriting critical files or introducing malicious payloads. This attack vector is particularly dangerous in automated build systems, CI/CD pipelines, and environments where TAR extraction is performed on untrusted or third-party archives.

The vulnerability is classified as high severity due to its potential to facilitate remote code execution, supply chain attacks, and bypass of security controls. The attack surface includes any application or system that uses the affected libraries for TAR extraction, especially in automated or unsupervised contexts.

In short: the attacker crafts an entry whose PAX header declares a large size and whose ustar header declares zero. The vulnerable parser advances the stream by zero bytes, leaving the entry's data in place, and the next 512-byte block is interpreted as a fresh header. Because extraction writes entries in stream order, a smuggled entry can carry the same path as a legitimate entry extracted earlier and overwrite it, for example replacing a configuration file or dropping a malicious script into the extraction tree. A correct parser, including the tools commonly used to list an archive before extracting it, skips the data as the PAX size says and never shows the smuggled entries, so a manual review of the listing does not catch the attack.

The vulnerability has been assigned CVE-2025-62518 and is tracked in the National Vulnerability Database. The patched version is astral-tokio-tar 0.5.6 and later. The standard synchronous tar crate is not affected.

Exploitation in the Wild

As of the time of this advisory, there are no confirmed reports of active exploitation of TARmageddon in the wild. No advanced persistent threat (APT) groups or criminal actors have been publicly linked to attacks leveraging this vulnerability. However, the attack vectors are practical and align closely with known supply chain and CI/CD attack patterns. The technical details and proof-of-concept (PoC) exploits are publicly available, significantly lowering the barrier for opportunistic attackers to develop and deploy malicious TAR archives targeting vulnerable systems.

The risk of exploitation is heightened by the widespread use of the affected libraries in popular open-source projects and the prevalence of automated extraction workflows in modern development and deployment pipelines. Organizations should assume that exploitation is possible and act with urgency to remediate the vulnerability.

APT Groups using this vulnerability

There are currently no public reports or intelligence indicating that any APT groups are actively exploiting TARmageddon (CVE-2025-62518). No sector- or country-specific targeting has been observed. Nonetheless, the nature of the vulnerability makes it an attractive target for both state-sponsored and financially motivated actors, particularly those focused on software supply chain compromise, CI/CD pipeline infiltration, and lateral movement via poisoned dependencies.

Given the public availability of technical details and PoC exploits, it is reasonable to anticipate that APT groups and other sophisticated adversaries may incorporate this vulnerability into their toolkits in the near future. Organizations operating in high-risk sectors or with critical supply chain dependencies should prioritize remediation and monitor for signs of exploitation.

Affected Product Versions

The following libraries and versions are confirmed to be affected by TARmageddon:

The async-tar library is vulnerable in all released versions up to and including the latest available as of October 21, 2025. No patched version is available at this time, although a patch has been developed but not yet released.

The tokio-tar library, which is now abandoned, is vulnerable in all released versions up to and including the latest available as of October 21, 2025. No patched version is available.

The krata-tokio-tar library is vulnerable in all released versions up to and including the latest available as of October 21, 2025. The project is archived and no patched version has been released.

The astral-tokio-tar library is vulnerable in all versions prior to 0.5.6. The issue is resolved in version 0.5.6 and later.

Major projects affected by this vulnerability include uv (Astral's Python package manager), testcontainers, wasmCloud, binstalk-downloader, and liboxen. The opa-wasm project is not affected, as it does not use the vulnerable extraction logic. Any project using unpatched versions of tokio-tar, async-tar, krata-tokio-tar, or affected versions of astral-tokio-tar is at risk.

Workaround and Mitigation

Immediate action is required to mitigate the risk posed by TARmageddon. Organizations should upgrade to astral-tokio-tar version 0.5.6 or later, or migrate to another patched fork. If possible, eliminate the use of tokio-tar, async-tar, krata-tokio-tar, or other unmaintained forks. As an alternative, the standard synchronous tar crate can be used, as it is not affected by this vulnerability. Because these crates are usually pulled in transitively, check the resolved dependency graph (for example with `cargo tree -i tokio-tar`, or with `cargo audit` against the RustSec database) rather than only the direct dependencies listed in Cargo.toml.

In addition to upgrading or replacing the affected libraries, organizations should implement runtime mitigations to reduce the risk of exploitation. These include validating the number and names of extracted files against expected manifests, scanning extraction directories after extraction for unexpected files, using extraction sandboxes with file count and size limits, and disabling file overwriting during extraction where feasible.

Security teams should also monitor for indicators of compromise: TAR archives in which a PAX extended header sets a non-zero size while the ustar header that follows it declares a size of zero; files that appear or are overwritten unexpectedly after extraction, especially configuration files such as pyproject.toml; and archives whose data region contains a nested TAR, that is, valid ustar headers at offsets where a correct parser expects file content.
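As an added example (not code from this advisory or from the affected crates), the following std-only Rust program models the parser behaviour described under Technical Information and implements the header-mismatch check from the monitoring guidance above. It builds a constructed archive in memory (an entry named "payload.bin" with a PAX size of 1024 and a ustar size of 0, carrying a nested one-entry archive named "pyproject.toml", plus a benign "README"), walks it once advancing by the ustar size, as the vulnerable libraries do, and once advancing by the effective size, as the fix does, and then flags entries whose PAX size is non-zero while the ustar size is zero. The entry names, sizes and helper names are assumptions made for the demonstration; the real crates' APIs differ.

```rust
// Added example (not code from this advisory or from the affected crates): a
// std-only model of a TAR header walker with PAX `size` handling, showing the
// TARmageddon desync and flagging the PAX-size/ustar-size mismatch indicator.
const BLOCK: usize = 512;

/// Octal numeric field (e.g. the ustar size), terminated by NUL or space.
fn parse_octal(field: &[u8]) -> u64 {
    field.iter().take_while(|&&b| (b'0'..=b'7').contains(&b)).fold(0, |n, &b| n * 8 + (b - b'0') as u64)
}

/// Round up to the next 512-byte block boundary.
fn pad(n: u64) -> u64 { (n + 511) / 512 * 512 }

/// Scan PAX records ("<len> <key>=<value>\n") for a `size` override.
fn pax_size(data: &[u8]) -> Option<u64> {
    let mut pos = 0;
    while pos < data.len() {
        let rest = &data[pos..];
        let sp = rest.iter().position(|&b| b == b' ')?;
        let len: usize = std::str::from_utf8(&rest[..sp]).ok()?.parse().ok()?;
        if len <= sp + 1 || len > rest.len() { return None; }
        if let Some(v) = rest[sp + 1..len - 1].strip_prefix(b"size=") {
            return std::str::from_utf8(v).ok()?.parse().ok();
        }
        pos += len;
    }
    None
}

/// `size` is the effective size (PAX override when present); `ustar_size` is the raw ustar field.
#[derive(Debug)]
pub struct Entry { pub name: String, pub size: u64, pub ustar_size: u64 }

/// Walk the headers. With `vulnerable`, advance by the ustar size (the TARmageddon
/// bug); otherwise by the effective size, as the fixed parsers do.
pub fn walk(archive: &[u8], vulnerable: bool) -> Vec<Entry> {
    let (mut entries, mut pos, mut pending_pax): (Vec<Entry>, usize, Option<u64>) = (Vec::new(), 0, None);
    while pos + BLOCK <= archive.len() {
        let h = &archive[pos..pos + BLOCK];
        if h.iter().all(|&b| b == 0) { break; } // end-of-archive block
        let (ustar_size, typeflag) = (parse_octal(&h[124..136]), h[156]);
        pos += BLOCK;
        if typeflag == b'x' { // PAX header: its records apply to the next entry
            let end = (pos + ustar_size as usize).min(archive.len());
            pending_pax = pax_size(&archive[pos..end]);
            pos += pad(ustar_size) as usize;
            continue;
        }
        let size = pending_pax.take().unwrap_or(ustar_size);
        let end = h[..100].iter().position(|&b| b == 0).unwrap_or(100);
        entries.push(Entry { name: String::from_utf8_lossy(&h[..end]).into_owned(), size, ustar_size });
        // A ustar size of 0 skips nothing, so the entry's data is parsed as more headers.
        pos += pad(if vulnerable { ustar_size } else { size }) as usize;
    }
    entries
}

/// Indicator from the advisory: PAX `size` > 0 paired with a ustar size of 0.
pub fn smuggling_suspects(archive: &[u8]) -> Vec<String> {
    walk(archive, false).into_iter().filter(|e| e.ustar_size == 0 && e.size > 0).map(|e| e.name).collect()
}

/// Header (valid checksum) plus block-padded data; `ustar_size` may deliberately disagree with `data.len()`.
fn entry(name: &str, ustar_size: u64, typeflag: u8, data: &[u8]) -> Vec<u8> {
    let mut h = [0u8; BLOCK];
    h[..name.len()].copy_from_slice(name.as_bytes());
    h[124..135].copy_from_slice(format!("{:011o}", ustar_size).as_bytes());
    h[156] = typeflag;
    h[257..265].copy_from_slice(b"ustar\x0000");
    let sum = h.iter().map(|&b| b as u32).sum::<u32>() + 8 * b' ' as u32;
    h[148..156].copy_from_slice(format!("{:06o}\0 ", sum).as_bytes());
    let mut out = h.to_vec();
    out.extend_from_slice(data);
    out.resize(BLOCK + pad(data.len() as u64) as usize, 0);
    out
}

/// PAX record "<len> <key>=<value>\n", where <len> counts itself.
fn pax_record(key: &str, value: &str) -> String {
    let base = key.len() + value.len() + 3;
    let len = (base + 1..).find(|l| l.to_string().len() + base == *l).unwrap();
    format!("{} {}={}\n", len, key, value)
}

/// Constructed sample: "payload.bin" has PAX size 1024 but ustar size 0; its data is a nested archive.
pub fn crafted_archive() -> Vec<u8> {
    let inner = entry("pyproject.toml", 7, b'0', b"[tool]\n"); // 512 header + 512 data
    let pax = pax_record("size", &inner.len().to_string());
    let mut tar = entry("PaxHeaders/payload.bin", pax.len() as u64, b'x', pax.as_bytes());
    tar.extend(entry("payload.bin", 0, b'0', &inner));
    tar.extend(entry("README", 5, b'0', b"hello"));
    tar.extend([0u8; 2 * BLOCK]);
    tar
}

fn main() {
    let tar = crafted_archive();
    println!("vulnerable: {:?}\nfixed: {:?}\nsuspects: {:?}", walk(&tar, true), walk(&tar, false), smuggling_suspects(&tar));
}
```

The vulnerable walk reports three entries (payload.bin, pyproject.toml, README) while the fixed walk reports two, so a listing produced by a correct parser never shows the smuggled pyproject.toml. That is why the check runs on the raw headers of the archive rather than on the extracted output, and why a manifest comparison after extraction is only a second line of defence.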


Rescana is here for you

At Rescana, we understand the critical importance of securing your software supply chain and third-party risk landscape. Our TPRM platform empowers organizations to continuously monitor, assess, and manage the security posture of their vendors and dependencies, providing actionable insights and automated workflows to reduce risk and ensure compliance. If you have any questions about this advisory or need assistance with your risk management strategy, our team is ready to help. Please contact us at ops@rescana.com.
