Researchers have identified a severe flaw, code-named TARmageddon, in the async-tar Rust library that could lead to remote code execution under certain conditions. The vulnerability affects several forks of the library, particularly the tokio-tar variant. Edera discovered the flaw in late August 2025, and it has been assigned a CVSS score of 8.1, indicating high severity. Cybersecurity professionals are urged to address this vulnerability promptly to mitigate potential exploitation risks. Remediation actions may include patching or implementing improved security controls to prevent unauthorized access. Because the library is commonly used in various applications, the implications of this flaw are widespread and could impact numerous projects that rely on async-tar or its forks.
👉 Read the original: The Hacker News