CVE-2025-64118 vulnerabilities

🗓️ 04 Nov 2025 13:49:16Reported by ChainguardType

cgr

cgr🔗 packages.cgr.dev👁 3 Views

CVE-2025-64118 vulnerabilities affecting the renovate package on Unix systems.

Reporter	Title	Published	Views	Family All 40
IBM Security Bulletins	Security Bulletin: Uninitialized Memory Exposure in node-tar list/t Sync Mode When Tar File Is Modified During Read affect IBM watsonx.data	20 Mar 202608:20	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service [CVE-2025-64118]	26 Nov 202516:36	–	ibm
IBM Security Bulletins	Security Bulletin: Security vulnerabilities have been found in IBM Verify Identity Access Digital Credentials (CVE-2025-56200, CVE-2025-64118, CVE-2025-59343)	9 Jan 202600:45	–	ibm
IBM Security Bulletins	Security Bulletin: There are multiple vulnerabilities that can affect IBM Fusion	19 Dec 202520:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise is vulnerable to multiple vulnerabilities due to different node modules (CVE-2025-57350,CVE-2025-56200 & CVE-2025-64118)	26 Nov 202510:31	–	ibm
Circl	CVE-2025-64118	30 Oct 202519:55	–	circl
CNNVD	node-tar 安全漏洞	30 Oct 202500:00	–	cnnvd
CVE	CVE-2025-64118	30 Oct 202517:50	–	cve
Cvelist	CVE-2025-64118 node-tar vulnerable to race condition leading to uninitialized memory exposure	30 Oct 202517:50	–	cvelist
Debian CVE	CVE-2025-64118	30 Oct 202517:50	–	debiancve

OS	OS Version	Architecture	Package	Package Version	Filename
wolfi	any	x86_64	node-gyp	12.0.0-r0	node-gyp-12.0.0-r0.apk
wolfi	any	aarch64	node-gyp	12.0.0-r0	node-gyp-12.0.0-r0.apk
wolfi	any	x86_64	renovate	41.169.3-r0	renovate-41.169.3-r0.apk
wolfi	any	aarch64	renovate	41.169.3-r0	renovate-41.169.3-r0.apk

07 Jun 2026 07:18Current

6.4Medium risk

Vulners AI Score6.4

CVSS 46.1

EPSS0.00005

SSVC

vulnerability 2025 64118 renovate package unix systems