CVE-2025-3445: Path Traversal in Mholt Archiver V3 Github.com Mholt Archiver V3

CWE-22: Path Traversal | 6 documents | 5 sources
Severity
8.1 HIGH (NVD)
CNA 6.1 | GHSA 7.8 | OSV 7.8
EPSS
0.7%
top 28.56%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 13
Latest update: Aug 5

Description

A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go. A crafted ZIP file containing path traversal symlinks can be used to create or overwrite files with the privileges of the user or of the application utilizing the library. When using the archiver.Unarchive functionality with ZIP files, like this: archiver.Unarchive(zipFile, outputDir), a crafted ZIP file can be extracted in such a way that it writes files to the affected system with the same privilege
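A pre-extraction check for the symlink traversal described above, as an added example (not code from mholt/archiver or from this advisory): it lists ZIP entries whose name or symlink target is absolute or contains a `..` component, so a caller can refuse the archive before unpacking it. The names `local` and `UnsafeEntries` and the 4096-byte target limit are assumptions made here, and the output directory is assumed to be freshly created with no symlinks already in it.

```go
package main

import (
	"archive/zip"
	"errors"
	"fmt"
	"io"
	"os"
	"strings"
)

// local reports whether p is relative and free of ".." components.
// Backslashes count as separators so "..\" is caught as well.
func local(p string) bool {
	p = strings.ReplaceAll(p, `\`, "/")
	return !strings.HasPrefix(p, "/") && !strings.Contains("/"+p+"/", "/../")
}

// UnsafeEntries lists the entries to refuse before extraction: non-local names,
// and symlinks whose target is non-local, unreadable or longer than 4096 bytes.
func UnsafeEntries(zr *zip.Reader) ([]string, error) {
	var bad []string
	for _, f := range zr.File {
		ok := local(f.Name)
		if f.Mode()&os.ModeSymlink != 0 {
			rc, err := f.Open()
			if err != nil {
				return nil, err
			}
			raw, err := io.ReadAll(io.LimitReader(rc, 4097)) // entry body holds the link target
			rc.Close()
			ok = ok && err == nil && len(raw) <= 4096 && local(string(raw))
		}
		if !ok {
			bad = append(bad, f.Name)
		}
	}
	return bad, nil
}

func main() { // usage: zipcheck ARCHIVE.zip
	if len(os.Args) == 2 {
		rc, err := zip.OpenReader(os.Args[1])
		if err != nil && !errors.Is(err, zip.ErrInsecurePath) {
			fmt.Println("open:", err)
			return
		}
		fmt.Println(UnsafeEntries(&rc.Reader))
	}
}
```

The policy is deliberately stricter than lexical path resolution: with no `..` and no absolute targets anywhere in the archive, neither a name nor a chain of archive-supplied symlinks can resolve above the output directory.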

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L
Exploitability: 2.2 | Impact: 5.3

Affected Packages: 3 packages

🔴 Vulnerability Details (4)

OSV: Vulnerable to Path Traversal via Crafted ZIP File in github.com/mholt/archiver (2025-08-05)
OSV: mholt/archiver Vulnerable to Path Traversal via Crafted ZIP File (2025-04-14)
GHSA: mholt/archiver Vulnerable to Path Traversal via Crafted ZIP File (2025-04-14)
CVEList: CVE-2025-3445: A Path Traversal "Zip Slip" vulnerability has been identified in mholt/archiver in Go (2025-04-13)

📋 Vendor Advisories (1)

Red Hat: mholt/archiver: A Path Traversal "Zip Slip" vulnerability in mholt/archiver (2025-04-13)
CVE-2025-3445 — Path Traversal | cvebase