A critical vulnerability dubbed TARmageddon (CVE-2025-62518) has been uncovered in the widely used async-tar Rust library and its derivative forks, including the popular tokio-tar.
The flaw, which carries a severity rating of 8.1 (High), allows attackers to execute remote code by overwriting configuration files and hijacking build backends through carefully crafted nested TAR archives.
The Edera security team discovered that the vulnerability affects major projects across the Python and web development ecosystems, including Astral’s uv package manager, testcontainers, and wasmCloud.
The affected tokio-tar library alone has accumulated over 5 million downloads on crates.io, making the potential blast radius of this vulnerability enormous and difficult to fully quantify.
The Abandonware Challenge
What makes TARmageddon particularly concerning is not just its technical severity, but the coordination nightmare it created for responsible disclosure.
The most popular fork, tokio-tar, appears to be abandonware, no longer actively maintained by its original developers.
This forced security researchers into an unprecedented decentralized disclosure process across a complex fork lineage, requiring them to track down the maintainers of unmaintained projects through “social engineering and community sleuthing” because no security contacts existed.
The active forks have now been successfully patched, and Astral has taken over maintenance of astral-tokio-tar as the recommended replacement.
However, the original tokio-tar remains unpatched, leaving its 5 million downstream users vulnerable unless they proactively upgrade or migrate to maintained alternatives.
The vulnerability stems from a desynchronization flaw in how the parser handles nested TAR files with mismatched PAX extended headers and ustar headers.
When processing a TAR file, the vulnerable parser incorrectly advances the stream position based on the ustar size (often set to 0) instead of the actual file size specified in the PAX header.
This causes the parser to fail to skip over the actual file data and instead interpret headers from a hidden inner archive as legitimate outer archive entries.
An attacker can exploit this by crafting a TAR archive where the outer layer contains legitimate files while a hidden inner layer contains malicious payloads.
When extracted, the parser incorrectly merges both layers, allowing the attacker to overwrite configuration files or inject malicious build backend scripts.
The vulnerability enables three primary attack vectors.
In Python build backend hijacking, malicious packages uploaded to PyPI could contain legitimate outer files alongside hidden inner archives with malicious build configurations, compromising developer machines and CI systems during installation.
Container image poisoning could affect testing frameworks like Testcontainers by introducing unexpected files into test environments.
Additionally, the flaw bypasses security scanning controls by allowing attackers to hide files from initial approval scans while injecting them during extraction.
The Edera team has released patches requiring TAR parsers to prioritize PAX headers over ustar headers for size determination, validate header consistency, and implement strict boundary checking.
Developers should immediately upgrade to patched versions, particularly astral-tokio-tar if using uv.
For organizations unable to patch immediately, alternatives include migrating to the standard tar crate or implementing runtime mitigations such as post-extraction directory scanning and file count validation.
The discovery underscores a critical lesson: Rust’s memory safety guarantees do not eliminate logic bugs.
As popular open-source projects become unmaintained, they continue exposing millions of downstream users to risk, emphasizing the need for defense-in-depth security strategies and proactive library maintenance within the ecosystem.