A critical vulnerability (CVE-2025-62518) was discovered in an abandoned Rust library, affecting widely used forks such as tokio-tar, which is used in build systems and distribution tools. The flaw allows remote code execution and highlights the risks in open-source projects, especially once maintenance ceases. #Rust #tokio-tar
Key points
- A high-severity vulnerability was found in an early Rust open-source async tar library.
- The flaw affects popular forks like tokio-tar, with over 5 million downloads on crates.io.
- The vulnerability enables remote code execution through file overwriting, posing widespread risks.
- The flaw was discovered shortly after Edera's internal development work, and patches were quickly distributed to affected projects.
- The incident underscores the dangers of abandoned open-source projects and systemic security risks.
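The practical first step for a team reading this is an inventory question: does any of our Rust builds pull in tokio-tar (or another fork of the abandoned library), and through which crates? The script below is an added example for this summary, not code from the article or from the tokio-tar or async-tar projects. It parses a Cargo.lock (plain TOML) and reports the locked versions of a named crate, the packages that depend on it directly, and every package that reaches it transitively. It assumes Python 3.11+ (`tomllib`) or the `tomli` backport; the embedded lock file is constructed for the demonstration and its crate versions are not claims about any real release.

```python
"""Inventory check: does a Cargo.lock pull in a given crate, and via what?

Added example; not code from the article or from tokio-tar / async-tar.
Assumes Python 3.11+ (tomllib) or the `tomli` backport.
"""
from collections import deque

try:
    import tomllib  # Python 3.11+
except ImportError:  # older interpreters: `pip install tomli`
    import tomli as tomllib  # type: ignore

# Constructed sample Cargo.lock (not from any real project). A binary
# "my-builder" reaches tokio-tar only through an intermediate crate.
SAMPLE_CARGO_LOCK = """
version = 3

[[package]]
name = "my-builder"
version = "0.1.0"
dependencies = [
 "archive-helper",
 "tokio",
]

[[package]]
name = "archive-helper"
version = "0.3.2"
dependencies = [
 "tokio-tar",
]

[[package]]
name = "tokio-tar"
version = "0.3.1"
dependencies = [
 "tokio",
]

[[package]]
name = "tokio"
version = "1.40.0"
"""


def _dep_name(entry):
    # Lock-file dependency entries look like "tokio", "tokio 1.40.0" or
    # "tokio 1.40.0 (registry+...)"; the crate name is the first token.
    return entry.split()[0]


def crate_exposure(lock_text, crate):
    """Return locked versions, direct dependents and transitive dependents."""
    lock = tomllib.loads(lock_text)
    packages = lock.get("package", [])
    versions = sorted(p["version"] for p in packages if p["name"] == crate)

    # Reverse dependency map: crate name -> packages that list it directly.
    dependents = {}
    for pkg in packages:
        for dep in pkg.get("dependencies", []):
            dependents.setdefault(_dep_name(dep), set()).add(pkg["name"])

    direct = sorted(dependents.get(crate, set()))

    # Walk upward through the reverse map to every package that reaches
    # the crate, however many hops away.
    reached, queue = set(), deque(direct)
    while queue:
        name = queue.popleft()
        if name in reached:
            continue
        reached.add(name)
        queue.extend(dependents.get(name, set()))

    return {"versions": versions, "direct": direct, "transitive": sorted(reached)}


if __name__ == "__main__":
    report = crate_exposure(SAMPLE_CARGO_LOCK, "tokio-tar")
    if report["versions"]:
        print("tokio-tar present at versions:", ", ".join(report["versions"]))
        print("direct dependents:", ", ".join(report["direct"]))
        print("all affected packages:", ", ".join(report["transitive"]))
    else:
        print("tokio-tar not found in lock file")
```

Run it against a real project by replacing `SAMPLE_CARGO_LOCK` with the contents of its Cargo.lock; the transitive list is the set of packages that need a rebuild once the fork you depend on ships a fixed release, including the ones that never name the crate directly.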
Read More: https://cyberscoop.com/async-tar-rust-open-source-vulnerability/