Busybox

2 CVEs product

Monthly

CVE-2025-60876 MEDIUM POC PATCH This Week

BusyBox wget through 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, requires no authentication, and has low attack complexity. Public exploit code is available and no vendor patch is available.

Authentication Bypass Busybox Redhat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2025-46394 LOW Monitor

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences. Rated low severity (CVSS 3.2), this vulnerability requires no authentication. No vendor patch is available.

Information Disclosure Busybox
NVD
CVSS 3.1
3.2
EPSS
0.1%
