Home / Vulnerability Intelligence / CVE-2025-69874

CVE-2025-69874 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: February 12, 2026

nanotar - Path Traversal

Published: February 11, 2026Updated: February 12, 2026Remote Exploitable

Overview

nanotar <= 0.2.0 contains a path traversal vulnerability caused by improper validation in parseTar() and parseTarGzip(), letting remote attackers write arbitrary files outside the extraction directory via crafted tar archives.

Severity & Score

Severity: Critical

CVSS Score: 9.8

EPSS Score: 17.3%(Probability of exploitation in next 30 days)

Impact

Remote attackers can write arbitrary files outside the intended directory, potentially leading to system compromise or data tampering.

Mitigation

Update to the latest version beyond 0.2.0.

References

Social Media Activity(1 post)

TheHackerWire

@thehackerwire

Feb 14, 2026

🔴 CVE-2025-69874 - Critical (9.8) nanotar through 0.2.0 has a path traversal vulnerability in parseTar() and parseTarGzip() that allows remote attackers to write arbitrary files outside the intended extraction directory via a crafted tar archive containing path traversal sequence. 🔗 https://www.thehackerwire.com/vulnerability/CVE-2025-69874/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID: CVE-2025-69874
Severity: Critical
CVSS Score: 9.8
Type: path_traversal
Status: unconfirmed
EPSS: 17.3%
Social Posts: 1

CWE

CWE-22

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

17.3%Probability of exploitation in the next 30 days