Advisory for a security update to the astral-tokio-tar library (CVE-2025-62518)
Overview
We have released a security update to address a vulnerability in the astral-tokio-tar library. Users of affected products are advised to update to the latest version.
Affected Products
CVE-2025-62518
astral-tokio-tar version: 0.5.5 and earlier
Resolved Vulnerabilities
PAX Header Desynchronization Vulnerability in astral-tokio-tar (CVE-2025-62518)
Vulnerability Patches
Patches for this vulnerability are available in the latest update. Please follow the instructions on the site listed under References to update to the patched version.
CVE-2025-62518
astral-tokio-tar version: 0.5.6
References
[1] PAX Header Desynchronization in astral-tokio-tar
https://github.com/astral-sh/tokio-tar/security/advisories/GHSA-j5gw-2vrg-8fgx