CVE 9.8 CRITICAL

CVE-2025-69874_CVE-2025-69874

February 12, 2026 invoker category_cve

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.

AI Analysis

Path traversal vulnerability in nanotar through 0.2.0 allowing remote attackers to write arbitrary files outside the intended extraction directory

Basic Information

ID CVE-2025-69874

Source mitre

Published Feb 11, 2026 at 00:00

Modified Feb 12, 2026 at 14:49

Affected Product

Vendor unjs

Product nanotar

Version 0.2.0

Affected Versions n/a n/a n/a

CWE Classification

CWE-22

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor unjs

Product nanotar

Version 0.2.0

References

{
    "lastseen": "",
    "description": "nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence.",
    "published": "2026-02-11T00:00:00.000Z",
    "modified": "2026-02-12T14:49:30.529Z",
    "type": "cve",
    "title": "CVE-2025-69874",
    "source": "mitre",
    "references": "https://github.com/unjs/nanotar\nhttps://www.npmjs.com/package/nanotar\nhttps://github.com/EthanKim88/ethan-cve-disclosures/blob/main/CVE-2025-69874-nanotar-Path-Traversal.md",
    "id": "CVE-2025-69874",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "n/a n/a n/a",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "nanotar",
    "version": "0.2.0",
    "vendor": "unjs",
    "ai_description": "Path traversal vulnerability in nanotar through 0.2.0 allowing remote attackers to write arbitrary files outside the intended extraction directory",
    "ai_severity": "Critical",
    "ai_vendor": "unjs",
    "ai_product": "nanotar",
    "ai_version": "0.2.0",
    "ai_score": 9.8
}

💭 Join the Security Discussion ❌ Cancel Reply