A newly disclosed vulnerability in the widely used tar-fs NPM package has raised alarms across the software development community. Security researcher Caleb Brown uncovered a critical flaw, tracked as CVE-2025-48387, which allows attackers to exploit directory traversal via malicious tar files, resulting in arbitrary file writes outside the intended extraction directory.
According to the advisory, “NPM package tar-fs allows a malicious tar file to write arbitrary files outside the destination directory.” The flaw affects multiple versions of tar-fs, including v3.0.8, v2.1.2, and v1.16.4, and has been confirmed on Linux systems running Node.js v18.19.1 and v24.0.2 with NPM v9.2.0 and v11.3.0.
The proof-of-concept (PoC) demonstrates how an attacker can overwrite files outside the extraction path. As the advisory details, “The tar file created in this PoC will modify the /home/username/flag/flag file… The tar file will also create /home/username/flag/newfile.”
The consequences are severe. Arbitrary file writes enable attackers to alter sensitive files, destroy data, and even achieve remote code execution under certain conditions. Brown warns: “Through the directory traversal arbitrary reads and writes are possible. Arbitrary reads allow an attacker to read sensitive data, while arbitrary writes allow an attacker to modify or destroy data, and in some cases arbitrary writes can be used to gain remote access, or run arbitrary code.”
This issue affects a huge ecosystem:
- v3.0.2 or later: 16,878 dependents, 8.5M weekly downloads
- v2.1.2: 38,934 dependents, 6.3M weekly downloads
- v1.16.4: 9,270 dependents, 194K weekly downloads
Notably, many of these dependents pull in tar-fs transitively through prebuild-install, which amplifies the potential exposure.
The advisory notes that, “Given previous vulnerabilities CVE-2018-20835 and CVE-2024-12905, all versions of tar-fs are likely vulnerable to this bug.”
Because the hard-link and symlink traversal vectors overlap, versions 3.0.2 through 3.0.8 are particularly dangerous: they are vulnerable to both attack vectors at the same time.
The good news is that patched versions are already available:
- v3.0.9
- v2.1.3
- v1.16.5
Users and developers are strongly advised to update immediately. For projects unable to upgrade, mitigation measures should include restricting extraction of untrusted tar files and monitoring for suspicious file changes.