TARmageddon flaw in abandoned Rust library enables RCE attacks
The TARmageddon flaw allows attackers to inject malicious files via nested TAR extraction, impacting widely used Rust libraries with over 7 million downloads, Edera reports.
10 Articles
Researchers uncover remote code execution flaw in abandoned Rust code library
Security specialists at Edera discovered and disclosed a high-severity vulnerability in early, since-abandoned code for an open-source async tar archive library for the Rust programming language. Researchers warned that potential exploitation, which allows for remote code execution, could bear major impacts due to widespread forking and a lack of visibility into the code’s use. “Given its presence in critical, widely-deployed tools like …
Rust TARmageddon: CVE‑2025‑62518 RCE Flaw In Async-tar
A critical flaw has been identified in a Rust library that demands immediate attention from developers and IT decision-makers leveraging the Rust ecosystem. The vulnerability, tracked as CVE‑2025‑62518, exposes serious remote code execution (RCE) risks in the widely used async tar library ecosystem. The root of the problem lies in a boundary-parsing error within a key Rust component. The library at the center is the async-tar “family” of crates…
TARmageddon Vulnerability In Rust Library Let Attackers Replace Config Files And Execute Remote Codes
A severe vulnerability has been found in the async-tar Rust library and its popular forks, including the widely used tokio-tar. Dubbed TARmageddon and tracked as CVE-2025-62518, the bug carries a CVSS score of 8.1, classifying it as high severity. It allows attackers to manipulate TAR archive parsing, potentially overwriting critical files like configuration scripts and triggering remote code […]
TARmageddon Security Flaw In Rust Library Could Lead To Config Tampering And RCE - Cybernoz - Cybersecurity News
The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used tokio-tar. Dubbed TARmageddon and assigned CVE-2025-62518, this flaw carries a CVSS score of 8.1 (High) and enables attackers to execute remote code by overwriting configuration files and hijacking critical build systems. Field Details CVE ID CVE-2025-62518 Vulnerability Name TARmageddon Affected Librar…
TARmageddon Security Flaw in Rust Library Could Lead to Config Tampering and RCE
The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used tokio-tar. Dubbed TARmageddon and assigned CVE-2025-62518, this flaw carries a CVSS score of 8.1 (High) and enables attackers to execute remote code by overwriting configuration files and hijacking critical build systems. Field Details CVE ID CVE-2025-62518 Vulnerability […]
Coverage Details
Bias Distribution
- 100% of the sources are Center





