CVE-2025-60753
MEDIUM
libarchive < 3.8.1 - Denial of Service via Crafted Substitution Rules
Title source: llm
Description
An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).
References (2)
Core References
Exploit, Third Party Advisory
https://github.com/Papya-j/CVE/tree/main/CVE-2025-60753
Exploit, Issue Tracking, Patch
https://github.com/libarchive/libarchive/issues/2725
Scores
CVSS v3: 5.5
EPSS: 0.0014
EPSS Percentile: 3.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-400, CWE-835
Status: published
Products (1): libarchive/libarchive < 3.8.1
Published: Nov 05, 2025
Tracked Since: Feb 18, 2026