SYSTEMATIC CYBERSECURITY RISKS IN END-OF-LIFE OPEN-SOURCE SOFTWARE: EVIDENCE FROM THE TARMAGEDDON VULNERABILITY
DOI: https://doi.org/10.30890/2567-5273.2025-41-01-077

Keywords: TARmageddon, CVE-2025-62518, End-of-Life, EoL, abandonware, tokio-tar, vulnerability management, open-source security, supply chain security, software lifecycle, OpenEoX

Abstract
The exponential growth of the open-source software (OSS) ecosystem, characterized by increasing corporate-communal engagement patterns, has created unprecedented challenges in managing software lifecycles, particularly when projects reach end-of-life (EoL

References
Demianchuk, S. (2025). Cybersecurity-driven approach to end-of-life software management: Addressing vulnerability risks through standardized EoL protocols. Future in the Results of Modern Scientific Research '2025, 40, 25–30. https://doi.org/10.30890/2709-1783.2025-40-00-026
NVD (2025). National Vulnerability Database. https://nvd.nist.gov/
Zenla, A. (2025, October 21). Tarmageddon (CVE-2025-62518): RCE vulnerability highlights the challenges of open source abandonware. Edera blog. https://edera.dev/stories/tarmageddon
XEOL. End-of-life software and compliance. XEOL blog. https://www.xeol.io/post/end-of-life-software-and-compliance
Santos, O., Schmidt, T., Roguski, P., Middlekauff, A., Cao, F., Demianchuk, S., Rock, L., Murphy, J., Hagen, S., Chari, S., & Schaffer, T. (2025, April 24). OpenEoX: A standardized framework for managing End of Life and other product lifecycle information [Technical report]. OASIS Open. https://docs.oasis-open.org/openeox/standardization-framework/openeox-standardization-framework-technical-report.pdf
GitLab Inc. (2025, October 21). CVE-2025-62518: astral-tokio-tar vulnerable to PAX header desynchronization. GitLab Advisory Database. https://advisories.gitlab.com/pkg/cargo/astral-tokio-tar/CVE-2025-62518/
Assaad, Z., & Henein, M. (2022). End-of-life of software: How is it defined and managed? arXiv. https://doi.org/10.48550/arXiv.2204.03800
McGraw, G. (2004). Software security. IEEE Security & Privacy (IEEE Computer Society), ISSN 1540-7993.
Santos, O. (2023). Establishing standardized end-of-life and end-of-support programs for software and hardware. Medium. https://becomingahacker.org/establishing-standardized-end-of-life-and-end-of-support-programs-for-software-and-hardware-e3e231898e02
CVE (2025). Common Vulnerabilities and Exposures. https://cve.mitre.org/
CWE (2025). Common Weakness Enumeration. https://cwe.mitre.org/
OffSec (2025). Exploit Database archive. https://www.exploit-db.com/
License
Copyright (c) 2025 Authors

This work is licensed under a Creative Commons Attribution 4.0 International License.