Busybox CVE Vulnerabilities
By Busybox — 2 known vulnerabilities
Critical
0
High
0
Medium
1
Low
1
None
0
All Busybox CVEs
CVE-2025-60876
6.5
medium
BusyBox wget thru 1.3.7 accepted raw CR (0x0D)/LF (0x0A) and other C0 control bytes in the HTTP request-target (path/query), allowing the request line to be split and attacker-controlled headers to be injected. To preserve the HTTP/1.1 request-line shape METHOD SP request-target SP HTTP/1.1, a raw s
Nov 10, 2025
CVE-2025-46394
3.2
low
In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.
Apr 23, 2025