CVE-2025-60753: Medium severity Libarchive bsdtar vulnerability
Published Nov 5, 2025
·Updated
An issue was discovered in libarchive bsdtar before version 3.8.1 in function applysubstitution in file tar/subst.c when processing crafted -s substitution rules. This can cause unbounded memory allocation and lead to denial of service (Out-of-Memory crash).
Affected Software
6 affected componentsFixes available
Libarchive bsdtar<3.8.1
Microsoft cbl2 libarchive 3.6.1-7
Microsoft azl3 libarchive 3.7.7-3
Libarchive libarchive<=3.8.1
Microsoft azl3 libarchive 3.7.7-4
Microsoft cbl2 libarchive 3.6.1-8
Remediation
Patch Available
Event History
Nov 5, 2025
CVE Published
via MITRE·12:00 AM
Data Sourced
via MITRE·12:00 AM
Description
Data Sourced
via NVD·04:15 PM
RemedyDescriptionSeverityWeaknessAffected Software
Nov 11, 2025
Data Sourced
via Microsoft·01:01 AM
DescriptionSeverityWeaknessAffected Software
Updated
via Microsoft·01:01 AM
Affected Software
Updated
via Microsoft·09:01 AM
Affected Software
Updated
via Microsoft·09:01 AM
DescriptionSeverity
Frequently Asked Questions
1
What is the severity of CVE-2025-60753?
CVE-2025-60753 has a severity rating that can lead to denial of service due to unbounded memory allocation.
2
How do I fix CVE-2025-60753?
To fix CVE-2025-60753, upgrade libarchive bsdtar to version 3.8.1 or later.
3
Who is affected by CVE-2025-60753?
CVE-2025-60753 affects versions of libarchive bsdtar prior to 3.8.1.
4
What type of vulnerability is CVE-2025-60753?
CVE-2025-60753 is a denial of service vulnerability caused by crafted substitution rules.
5
What do I need to do if I'm using an affected version of libarchive bsdtar?
If using an affected version of libarchive bsdtar, it is crucial to upgrade to the latest version to mitigate the vulnerability.