TARmageddon: Major Security Flaw in Popular Rust Library
Originally Published 2 months ago — by Phoronix
A critical security vulnerability named TARmageddon (CVE-2025-62518) has been disclosed in the popular Rust async-tar library and its forks, allowing remote code execution through file overwriting, despite Rust's usual safety guarantees. The vulnerability affects downstream projects like uv Python package manager, and patching efforts are underway due to the lack of upstream maintenance for some forks.