CVE-2025-5914
CVE Details
Visit the official vulnerability details page for CVE-2025-5914 to learn more.
Initial Publication
06/10/2025
Last Update
08/06/2025
Third Party Dependency
libarchive
NIST CVE Summary
A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.
CVE Severity
Our Official Summary
CVE-2025-5914 affects libarchive versions prior to 3.8.0. While systems using these versions are technically vulnerable, the risk in our context is low. The issue has been identified within a third-party container that operates in a restricted environment requiring privileged access. As such, the potential for exploitation is minimal, and the vulnerability does not permit arbitrary code execution in our deployment.
We are monitoring upstream developments and will incorporate the fix as soon as the container’s vendor addresses the issue.
Status
Open
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.7.8 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.6.41 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
06/26/2025 | Official summary added |
06/21/2025 | Advisory severity revised to CRITICAL from LOW |