OESA-2025-1884 — Vulnetix

OESA-2025-1884 PUBLISHED CVSS 8.699999809265137 HIGH

BusyBox combines tiny versions of many common UNIX utilities into a single small executable. It provides replacements for most of the utilities you usually find in GNU fileutils, shellutils, etc. It provides a fairly complete environment for any small or embedded system. Security Fix(es): An issue in the CPIO command of Busybox v1.33.2 allows attackers to execute a directory traversal.(CVE-2023-39810) In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.(CVE-2025-46394)

Risk Scores

CVSS v4.0

8.699999809265137

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
openEuler:20.03-LTS-SP4	busybox	0, 0

Timeline

Jul 25, 2025 CVE Published
Sep 3, 2025 CVE Updated
May 2, 2026 Security Advisory
May 2, 2026 Security Advisory

References

https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1884 advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-39810 advisory
https://nvd.nist.gov/vuln/detail/CVE-2025-46394 advisory

Open in Interactive Console →