Vulnerability-Lookup

CVE-2025-46394 (GCVE-0-2025-46394)

Vulnerability from cvelistv5 – Published: 2025-04-23 00:00 – Updated: 2026-06-02 13:00

Summary

In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.

Severity

3.2 (Low)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-451 - User Interface (UI) Misrepresentation of Critical Information

Assigner

mitre

References

6 references

URL	Tags
https://bugs.busybox.net/show_bug.cgi?id=16018
https://www.busybox.net/downloads/
https://www.busybox.net
http://www.openwall.com/lists/oss-security/2025/04/23/5
http://www.openwall.com/lists/oss-security/2025/04/24/3
https://cert-portal.siemens.com/productcert/html/…

Impacted products

2 products

Vendor	Product	Version
BusyBox	BusyBox	Affected: 0 , ≤ 1.37.0 (semver)
Siemens	RUGGEDCOM RST2428P	Affected: 0 , < V4.0 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-46394",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T15:43:05.329877Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T15:43:19.302Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-04-24T20:03:24.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/23/5"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/04/24/3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST2428P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V4.0",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-02T13:00:23.218Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-253495.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "BusyBox",
          "vendor": "BusyBox",
          "versions": [
            {
              "lessThanOrEqual": "1.37.0",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*",
                  "versionEndIncluding": "1.37.0",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 3.2,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-451",
              "description": "CWE-451 User Interface (UI) Misrepresentation of Critical Information",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-04-23T15:31:01.192Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://bugs.busybox.net/show_bug.cgi?id=16018"
        },
        {
          "url": "https://www.busybox.net/downloads/"
        },
        {
          "url": "https://www.busybox.net"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-46394",
    "datePublished": "2025-04-23T00:00:00.000Z",
    "dateReserved": "2025-04-23T00:00:00.000Z",
    "dateUpdated": "2026-06-02T13:00:23.218Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-46394",
      "date": "2026-06-05",
      "epss": "0.00065",
      "percentile": "0.20452"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-46394\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-04-23T16:15:48.713\",\"lastModified\":\"2026-06-02T14:16:33.693\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.\"},{\"lang\":\"es\",\"value\":\"En tar en BusyBox hasta 1.37.0, un archivo TAR puede tener nombres de archivo ocultos en una lista mediante el uso de secuencias de escape de terminal.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N\",\"baseScore\":3.2,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.4,\"impactScore\":1.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N\",\"baseScore\":3.3,\"baseSeverity\":\"LOW\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":1.4}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-451\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.37.0\",\"matchCriteriaId\":\"D0BD983A-697D-4431-90F9-31956863BD41\"}]}]}],\"references\":[{\"url\":\"https://bugs.busybox.net/show_bug.cgi?id=16018\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://www.busybox.net\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://www.busybox.net/downloads/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/04/23/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/04/24/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-253495.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/04/23/5\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/04/24/3\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-04-24T20:03:24.126Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"RUGGEDCOM RST2428P\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V4.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-253495.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-06-02T13:00:23.218Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-46394\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T15:43:05.329877Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-23T15:43:08.142Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 3.2, \"baseSeverity\": \"LOW\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N\"}}], \"affected\": [{\"vendor\": \"BusyBox\", \"product\": \"BusyBox\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"1.37.0\"}], \"defaultStatus\": \"unknown\"}], \"references\": [{\"url\": \"https://bugs.busybox.net/show_bug.cgi?id=16018\"}, {\"url\": \"https://www.busybox.net/downloads/\"}, {\"url\": \"https://www.busybox.net\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-451\", \"description\": \"CWE-451 User Interface (UI) Misrepresentation of Critical Information\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:busybox:busybox:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndIncluding\": \"1.37.0\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-04-23T15:31:01.192Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-46394\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-02T13:00:23.218Z\", \"dateReserved\": \"2025-04-23T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-04-23T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

SUSE-SU-2026:20134-1

Vulnerability from csaf_suse - Published: 2026-01-22 16:57 - Updated: 2026-01-22 16:57

Summary

Security update for busybox

Severity

Important

Notes

Title of the patch: Security update for busybox

Description of the patch: This update for busybox fixes the following issues: Security fixes: - CVE-2025-60876: HTTP request header injection in wget (bsc#1253245). - CVE-2025-46394: Fixed tar hidden files via escape sequence (bsc#1241661). Other fixes: - Set CONFIG_FIRST_SYSTEM_ID to 201 to avoid confclict (bsc#1236670) - Fix unshare -mrpf sh core dump on ppc64le (bsc#1249237)

Patchnames: SUSE-SLES-16.0-179

CVE-2025-46394

6.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2025-60876

8 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.ppc64le	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.s390x	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.x86_64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64	—	Vendor Fix
Unresolved product id: SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64	—	Vendor Fix

Threats

Impact important

References

14 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/s…	self
https://www.suse.com/support/update/announcement/…	self
https://lists.suse.com/pipermail/sle-updates/2026…	self
https://bugzilla.suse.com/1236670	self
https://bugzilla.suse.com/1241661	self
https://bugzilla.suse.com/1249237	self
https://bugzilla.suse.com/1253245	self
https://www.suse.com/security/cve/CVE-2025-46394/	self
https://www.suse.com/security/cve/CVE-2025-60876/	self
https://www.suse.com/security/cve/CVE-2025-46394	external
https://bugzilla.suse.com/1241661	external
https://www.suse.com/security/cve/CVE-2025-60876	external
https://bugzilla.suse.com/1253245	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for busybox",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for busybox fixes the following issues:\n\nSecurity fixes:\n\n- CVE-2025-60876: HTTP request header injection in wget (bsc#1253245).\n- CVE-2025-46394: Fixed tar hidden files via escape sequence (bsc#1241661).\n\nOther fixes:\n\n- Set CONFIG_FIRST_SYSTEM_ID to 201 to avoid confclict (bsc#1236670)\n- Fix unshare -mrpf sh core dump on  ppc64le (bsc#1249237)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-SLES-16.0-179",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_20134-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2026:20134-1",
        "url": "https://www.suse.com/support/update/announcement/2026/suse-su-202620134-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2026:20134-1",
        "url": "https://lists.suse.com/pipermail/sle-updates/2026-January/043737.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1236670",
        "url": "https://bugzilla.suse.com/1236670"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1241661",
        "url": "https://bugzilla.suse.com/1241661"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1249237",
        "url": "https://bugzilla.suse.com/1249237"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1253245",
        "url": "https://bugzilla.suse.com/1253245"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-46394 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-46394/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-60876 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-60876/"
      }
    ],
    "title": "Security update for busybox",
    "tracking": {
      "current_release_date": "2026-01-22T16:57:46Z",
      "generator": {
        "date": "2026-01-22T16:57:46Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2026:20134-1",
      "initial_release_date": "2026-01-22T16:57:46Z",
      "revision_history": [
        {
          "date": "2026-01-22T16:57:46Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "busybox-1.37.0-160000.4.1.aarch64",
                "product": {
                  "name": "busybox-1.37.0-160000.4.1.aarch64",
                  "product_id": "busybox-1.37.0-160000.4.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "busybox-static-1.37.0-160000.4.1.aarch64",
                "product": {
                  "name": "busybox-static-1.37.0-160000.4.1.aarch64",
                  "product_id": "busybox-static-1.37.0-160000.4.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "busybox-warewulf3-1.37.0-160000.4.1.aarch64",
                "product": {
                  "name": "busybox-warewulf3-1.37.0-160000.4.1.aarch64",
                  "product_id": "busybox-warewulf3-1.37.0-160000.4.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "busybox-1.37.0-160000.4.1.ppc64le",
                "product": {
                  "name": "busybox-1.37.0-160000.4.1.ppc64le",
                  "product_id": "busybox-1.37.0-160000.4.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "busybox-static-1.37.0-160000.4.1.ppc64le",
                "product": {
                  "name": "busybox-static-1.37.0-160000.4.1.ppc64le",
                  "product_id": "busybox-static-1.37.0-160000.4.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "busybox-1.37.0-160000.4.1.s390x",
                "product": {
                  "name": "busybox-1.37.0-160000.4.1.s390x",
                  "product_id": "busybox-1.37.0-160000.4.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "busybox-static-1.37.0-160000.4.1.s390x",
                "product": {
                  "name": "busybox-static-1.37.0-160000.4.1.s390x",
                  "product_id": "busybox-static-1.37.0-160000.4.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "busybox-1.37.0-160000.4.1.x86_64",
                "product": {
                  "name": "busybox-1.37.0-160000.4.1.x86_64",
                  "product_id": "busybox-1.37.0-160000.4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "busybox-static-1.37.0-160000.4.1.x86_64",
                "product": {
                  "name": "busybox-static-1.37.0-160000.4.1.x86_64",
                  "product_id": "busybox-static-1.37.0-160000.4.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "busybox-warewulf3-1.37.0-160000.4.1.x86_64",
                "product": {
                  "name": "busybox-warewulf3-1.37.0-160000.4.1.x86_64",
                  "product_id": "busybox-warewulf3-1.37.0-160000.4.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server 16.0",
                "product": {
                  "name": "SUSE Linux Enterprise Server 16.0",
                  "product_id": "SUSE Linux Enterprise Server 16.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Server for SAP applications 16.0",
                "product": {
                  "name": "SUSE Linux Enterprise Server for SAP applications 16.0",
                  "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sles:16:16.0:server-sap"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-1.37.0-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.aarch64"
        },
        "product_reference": "busybox-1.37.0-160000.4.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-1.37.0-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.ppc64le"
        },
        "product_reference": "busybox-1.37.0-160000.4.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-1.37.0-160000.4.1.s390x as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.s390x"
        },
        "product_reference": "busybox-1.37.0-160000.4.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-1.37.0-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.x86_64"
        },
        "product_reference": "busybox-1.37.0-160000.4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-static-1.37.0-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.aarch64"
        },
        "product_reference": "busybox-static-1.37.0-160000.4.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-static-1.37.0-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.ppc64le"
        },
        "product_reference": "busybox-static-1.37.0-160000.4.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-static-1.37.0-160000.4.1.s390x as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.s390x"
        },
        "product_reference": "busybox-static-1.37.0-160000.4.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-static-1.37.0-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.x86_64"
        },
        "product_reference": "busybox-static-1.37.0-160000.4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-warewulf3-1.37.0-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64"
        },
        "product_reference": "busybox-warewulf3-1.37.0-160000.4.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-warewulf3-1.37.0-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server 16.0",
          "product_id": "SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64"
        },
        "product_reference": "busybox-warewulf3-1.37.0-160000.4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-1.37.0-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.aarch64"
        },
        "product_reference": "busybox-1.37.0-160000.4.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-1.37.0-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.ppc64le"
        },
        "product_reference": "busybox-1.37.0-160000.4.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-1.37.0-160000.4.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.s390x"
        },
        "product_reference": "busybox-1.37.0-160000.4.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-1.37.0-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.x86_64"
        },
        "product_reference": "busybox-1.37.0-160000.4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-static-1.37.0-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.aarch64"
        },
        "product_reference": "busybox-static-1.37.0-160000.4.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-static-1.37.0-160000.4.1.ppc64le as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.ppc64le"
        },
        "product_reference": "busybox-static-1.37.0-160000.4.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-static-1.37.0-160000.4.1.s390x as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.s390x"
        },
        "product_reference": "busybox-static-1.37.0-160000.4.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-static-1.37.0-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.x86_64"
        },
        "product_reference": "busybox-static-1.37.0-160000.4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-warewulf3-1.37.0-160000.4.1.aarch64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64"
        },
        "product_reference": "busybox-warewulf3-1.37.0-160000.4.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "busybox-warewulf3-1.37.0-160000.4.1.x86_64 as component of SUSE Linux Enterprise Server for SAP applications 16.0",
          "product_id": "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64"
        },
        "product_reference": "busybox-warewulf3-1.37.0-160000.4.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP applications 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-46394",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-46394"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.aarch64",
          "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.ppc64le",
          "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.s390x",
          "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.x86_64",
          "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.aarch64",
          "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.ppc64le",
          "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.s390x",
          "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.x86_64",
          "SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64",
          "SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.aarch64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.s390x",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.x86_64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.aarch64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.s390x",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.x86_64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-46394",
          "url": "https://www.suse.com/security/cve/CVE-2025-46394"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1241661 for CVE-2025-46394",
          "url": "https://bugzilla.suse.com/1241661"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.s390x",
            "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.s390x",
            "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.s390x",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.s390x",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.s390x",
            "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.s390x",
            "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.s390x",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.s390x",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-22T16:57:46Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2025-46394"
    },
    {
      "cve": "CVE-2025-60876",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-60876"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw space (0x20) in the request-target must also be rejected (clients should use %20).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.aarch64",
          "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.ppc64le",
          "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.s390x",
          "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.x86_64",
          "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.aarch64",
          "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.ppc64le",
          "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.s390x",
          "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.x86_64",
          "SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64",
          "SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.aarch64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.s390x",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.x86_64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.aarch64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.ppc64le",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.s390x",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.x86_64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64",
          "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-60876",
          "url": "https://www.suse.com/security/cve/CVE-2025-60876"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1253245 for CVE-2025-60876",
          "url": "https://bugzilla.suse.com/1253245"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.s390x",
            "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.s390x",
            "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.s390x",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.s390x",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.s390x",
            "SUSE Linux Enterprise Server 16.0:busybox-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.ppc64le",
            "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.s390x",
            "SUSE Linux Enterprise Server 16.0:busybox-static-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.s390x",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.ppc64le",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.s390x",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-static-1.37.0-160000.4.1.x86_64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.aarch64",
            "SUSE Linux Enterprise Server for SAP applications 16.0:busybox-warewulf3-1.37.0-160000.4.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2026-01-22T16:57:46Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-60876"
    }
  ]
}

WID-SEC-W-2025-0879

Vulnerability from csaf_certbund - Published: 2025-04-23 22:00 - Updated: 2025-12-21 23:00

Summary

BusyBox: Mehrere Schwachstellen

Severity

Niedrig

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: BusyBox ist ein Computerprogramm, das verschiedene Standard-Unix-Dienstprogramme in einem einzelnen Programm vereint.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in BusyBox ausnutzen, um einen Denial of Service Angriff durchzuführen und um Dateien zu manipulieren.

Betroffene Betriebssysteme: - Linux - UNIX

CVE-2024-58251

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Open Source BusyBox <=1.37.0 Open Source / BusyBox		<=1.37.0

CVE-2025-46394

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
SUSE openSUSE SUSE	`cpe:/o:suse:opensuse:-`	—
F5 BIG-IP F5	`cpe:/a:f5:big-ip:-`	—

Last affected 1 product

Product	Identifier	Version	Remediation
Open Source BusyBox <=1.37.0 Open Source / BusyBox		<=1.37.0

References

9 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://github.com/advisories/GHSA-rrv5-483w-xmr9	external
https://bugs.busybox.net/show_bug.cgi?id=15922	external
https://github.com/advisories/GHSA-wp4q-9jq4-gv74	external
https://bugs.busybox.net/show_bug.cgi?id=16018	external
https://my.f5.com/manage/s/article/K000152680	external
https://my.f5.com/manage/s/article/K000152678	external
https://lists.opensuse.org/archives/list/security…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "niedrig"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "BusyBox ist ein Computerprogramm, das verschiedene Standard-Unix-Dienstprogramme in einem einzelnen Programm vereint.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in BusyBox ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren und um Dateien zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-0879 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-0879.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-0879 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0879"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-rrv5-483w-xmr9 vom 2025-04-23",
        "url": "https://github.com/advisories/GHSA-rrv5-483w-xmr9"
      },
      {
        "category": "external",
        "summary": "Busybox Bugtracker #15922 vom 2025-04-23",
        "url": "https://bugs.busybox.net/show_bug.cgi?id=15922"
      },
      {
        "category": "external",
        "summary": "GitHub Security Advisory GHSA-wp4q-9jq4-gv74 vom 2025-04-23",
        "url": "https://github.com/advisories/GHSA-wp4q-9jq4-gv74"
      },
      {
        "category": "external",
        "summary": "Busybox Bugtracker #16018 vom 2025-04-23",
        "url": "https://bugs.busybox.net/show_bug.cgi?id=16018"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K000152680 vom 2025-07-23",
        "url": "https://my.f5.com/manage/s/article/K000152680"
      },
      {
        "category": "external",
        "summary": "F5 Security Advisory K000152678 vom 2025-07-23",
        "url": "https://my.f5.com/manage/s/article/K000152678"
      },
      {
        "category": "external",
        "summary": "openSUSE Security Update OPENSUSE-SU-2025:15834-1 vom 2025-12-21",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LTKVBOP2Y6C2BRC4YNC3WGRFG37ETLK6/"
      }
    ],
    "source_lang": "en-US",
    "title": "BusyBox: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-12-21T23:00:00.000+00:00",
      "generator": {
        "date": "2025-12-22T09:11:09.476+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.5.0"
        }
      },
      "id": "WID-SEC-W-2025-0879",
      "initial_release_date": "2025-04-23T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2025-04-23T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2025-07-23T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von F5 aufgenommen"
        },
        {
          "date": "2025-12-21T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von openSUSE aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "F5 BIG-IP",
            "product": {
              "name": "F5 BIG-IP",
              "product_id": "T001663",
              "product_identification_helper": {
                "cpe": "cpe:/a:f5:big-ip:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "F5"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=1.37.0",
                "product": {
                  "name": "Open Source BusyBox \u003c=1.37.0",
                  "product_id": "T043133"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=1.37.0",
                "product": {
                  "name": "Open Source BusyBox \u003c=1.37.0",
                  "product_id": "T043133-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "BusyBox"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE openSUSE",
            "product": {
              "name": "SUSE openSUSE",
              "product_id": "T027843",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:opensuse:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-58251",
      "product_status": {
        "known_affected": [
          "T027843",
          "T001663"
        ],
        "last_affected": [
          "T043133"
        ]
      },
      "release_date": "2025-04-23T22:00:00.000+00:00",
      "title": "CVE-2024-58251"
    },
    {
      "cve": "CVE-2025-46394",
      "product_status": {
        "known_affected": [
          "T027843",
          "T001663"
        ],
        "last_affected": [
          "T043133"
        ]
      },
      "release_date": "2025-04-23T22:00:00.000+00:00",
      "title": "CVE-2025-46394"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-46394 (GCVE-0-2025-46394)

SUSE-SU-2026:20134-1

WID-SEC-W-2025-0879

Tags

Sightings

Nomenclature