How to fix CVE-2025-5914?

Within 24 hours: Identify all systems and applications using libarchive and assess exposure to untrusted archive inputs. Within 7 days: Implement compensating controls (disable archive processing if non-essential, restrict file uploads, implement strict input validation). Within 30 days: Monitor vendor advisories for patch release and establish expedited testing/deployment procedures.

Is Enterprise Linux affected by CVE-2025-5914?

A critical vulnerability in libarchive (CVE-2025-5914) allows attackers to execute arbitrary code or crash systems through specially crafted archive files.

CVE-2025-5914

EUVD-2025-17572 HIGH

2025-06-09 [email protected]

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 14, 2026 - 19:21 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 19:21 euvd

EUVD-2025-17572

PoC Detected

Feb 05, 2026 - 20:15 vuln.today

Public exploit code

CVE Published

Jun 09, 2025 - 20:15 nvd

HIGH 7.8

Description

A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.

Analysis

CVE-2025-5914 is an integer overflow vulnerability in libarchive's archive_read_format_rar_seek_data() function that leads to a double-free memory corruption condition. This affects all users of libarchive who process untrusted RAR archive files, potentially allowing arbitrary code execution or denial-of-service with user interaction (opening a malicious RAR file). While no KEV listing or confirmed public exploits are currently documented, the high CVSS score (7.8) and memory safety nature of the vulnerability indicate significant real-world risk if weaponized.

Technical Context

libarchive is a widely-used open-source library for reading and writing archive formats (TAR, ZIP, RAR, etc.), integrated into numerous applications and operating systems. The vulnerability exists in the RAR format handler, specifically the archive_read_format_rar_seek_data() function, which processes seek operations within RAR archives. An integer overflow (CWE-190) in size calculations causes incorrect memory allocation or boundary checks, subsequently leading to a double-free condition (CWE-415) when the same memory region is freed multiple times. This is a classic memory safety defect: an attacker crafts a malicious RAR file with specific seek offset values that overflow, causing the library to free previously-freed memory when processing the archive. CPE affected: cpe:2.3:a:libarchive:libarchive:*:*:*:*:*:*:*:* (all versions prior to patch).

Affected Products

libarchive versions prior to the patched release (specific version number not provided in source data; typically all stable releases <3.7.x or similar depending on project versioning). Products affected include: tar(1) on systems using libarchive backend, bsdtar, Chromium/Chrome (uses libarchive), macOS (System Integrity Protection tools), FreeBSD base system, Homebrew, 7-Zip, WinRAR (if using libarchive components), and any custom application linking libarchive. Package managers and automated backup/extraction tools are at elevated risk. Vendors: libarchive maintainers (GitHub: libarchive/libarchive), BSD project, Chromium Security Team, Apple, and downstream distributors (Debian, Ubuntu, Red Hat, etc.).

Remediation

1) IMMEDIATE: Update libarchive to the first patched version (typically 3.7.1 or later, pending official release note—consult libarchive GitHub releases). 2) For distributions: Apply security updates from your vendor (Ubuntu, Debian, Red Hat, etc.) when available. 3) TEMPORARY WORKAROUNDS: Disable RAR format support if possible in applications, restrict archive processing to trusted sources only, or sandbox archive extraction in isolated containers. 4) CODE REVIEW: Applications should validate RAR archives before processing and consider input sanitization. Vendor advisory expected from libarchive maintainers on GitHub; check https://github.com/libarchive/libarchive/security/advisories and vendor-specific security pages (Apple Security Updates, Chromium Security, Red Hat CVE details).

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +39

POC: +20

Vendor Status

Ubuntu

Priority: Medium

libarchive

Release	Status	Version
bionic	needed	-
focal	needed	-
upstream	needs-triage	-
jammy	released	3.6.0-1ubuntu1.5
noble	released	3.7.2-2ubuntu0.5
oracular	released	3.7.4-1ubuntu0.3
trusty	needed	-
xenial	needed	-
plucky	released	3.7.7-0ubuntu2.3
questing	released	3.7.7-0ubuntu3

USN-7601-1

Debian

Bug #1107621

libarchive

Release	Status	Fixed Version	Urgency
bullseye	fixed	3.4.3-2+deb11u3	-
bullseye (security)	fixed	3.4.3-2+deb11u3	-
bookworm	fixed	3.6.2-1+deb12u3	-
bookworm (security)	vulnerable	3.6.2-1+deb12u2	-
trixie	fixed	3.7.4-4	-
forky, sid	fixed	3.8.5-1	-
(unstable)	fixed	3.7.4-4	-

DLA-4368-1

CVE-2025-5914 vulnerability details – vuln.today

Back

CVE-2025-5914

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2025-5914

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code