Critical Vulnerability in Tar Utility Allows File Overwrites

Critical Vulnerability in Tar Utility Allows File Overwrites

First seen 6 Jul 2026, 23:49 UTC UbuntuLinuxsecurity 85% similarity 70.5

Article Content

Browse articles
ThreatCluster

A vulnerability in the tar utility was discovered, affecting multiple Ubuntu versions. The issue arises from incorrect handling of symlinks during archive extraction, potentially allowing attackers to overwrite arbitrary files. This vulnerability is identified as USN-8510-1 and is associated with CVE-2025. Affected versions include Ubuntu 26.04 LTS, 24.04 LTS, and 22.04 LTS. Users are advised to update their systems to mitigate the risk. The vulnerability poses a significant threat to system integrity if exploited. Ubuntu Pro offers ten-year security coverage for affected packages. The vulnerability was disclosed on July 6, 2026, and is critical for users of the tar utility.

Key Points: • A critical vulnerability in tar allows file overwrites via symlink mishandling. • Affected Ubuntu versions include 26.04, 24.04, and 22.04 LTS. • Users are urged to update their systems to prevent potential exploitation.

ThreatCluster AI

Timeline

2026-07-06
Vulnerability USN-8510-1 disclosed
A critical vulnerability in the tar utility was announced, affecting multiple Ubuntu versions due to symlink mishandling.
Ubuntu
2026-07-06
CVE-2025 associated with tar vulnerability
The vulnerability allows attackers to overwrite arbitrary files when extracting archives, posing a significant risk.
Linuxsecurity

Community

Browse all →