CVE-2025-5917 is a security vulnerability identified in the libarchive library, a widely used tool for reading and writing various archive formats. The vulnerability arises from an off-by-one miscalculation when processing prefixes and suffixes in file names, which results in a 1-byte out-of-bounds write. This overflow can overwrite adjacent memory, potentially leading to memory corruption. While a single byte overflow might seem minor, it can cause unpredictable program behavior such as crashes or, under specific conditions, be leveraged as a primitive for more complex exploits. The flaw affects all libarchive versions prior to 3.8.0 and has been observed in Red Hat Enterprise Linux 10. The vulnerability requires local access with low privileges and user interaction, limiting remote exploitation. The CVSS v3.1 base score is 2.8, reflecting low severity due to limited impact on confidentiality and integrity, and only availability being affected through potential crashes. No public exploits or active exploitation have been reported. The vulnerability's root cause is a boundary check error during string handling, which is a common source of memory corruption bugs. Remediation involves updating libarchive to version 3.8.0 or later where this issue has been fixed.

The primary impact of CVE-2025-5917 is potential denial of service through application crashes caused by memory corruption from the 1-byte overflow. While the vulnerability does not directly compromise confidentiality or integrity, the corrupted memory could lead to unpredictable behavior, which in some scenarios might be chained with other vulnerabilities to escalate privileges or execute arbitrary code. However, given the requirement for local privileges and user interaction, the attack surface is limited. Organizations running software that relies on libarchive for archive extraction, especially on Red Hat Enterprise Linux 10 and similar distributions, may experience instability or crashes if exploited. The lack of known exploits in the wild reduces immediate risk, but the vulnerability could be leveraged in targeted attacks against systems where local access is possible. Overall, the impact is low but non-negligible, particularly in environments where stability and availability are critical.

To mitigate CVE-2025-5917, organizations should promptly update libarchive to version 3.8.0 or later, where the off-by-one overflow has been corrected. System administrators should verify the version of libarchive installed on their systems, especially on Red Hat Enterprise Linux 10 deployments, and apply vendor patches as soon as they become available. Additionally, restricting local user privileges and limiting user interaction with untrusted archive files can reduce the risk of exploitation. Employing application whitelisting and sandboxing techniques for archive extraction utilities can further contain potential crashes or memory corruption effects. Monitoring system logs for unusual crashes or behavior related to archive handling may help detect attempted exploitation. Finally, integrating libarchive updates into regular patch management cycles ensures timely remediation of this and similar vulnerabilities.