How severe is CVE-2025-31115?

This vulnerability has a severity rating of HIGH with a CVSS score of N/A out of 10.

What type of vulnerability is CVE-2025-31115?

This is classified as CWE-366, which is a common weakness in software security.

CVE-2025-31115 - HIGH Severity | CVSS N/A

Vulnerability Description

XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.

Related Vulnerabilities

CVE-2015-10067

HIGH

CVSS:8.1(High)

A vulnerability was found in oznetmaster SSharpSmartThreadPool. It has been classified as problematic. This affects an unknown part of the file SSharpSmartThreadPool/SmartThreadPool.cs. The manipulati...

CWE-3662015

CVE-2021-26569

HIGH

CVSS:8.1(High)

Race Condition within a Thread vulnerability in iscsi_snapshot_comm_core in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via crafted web re...

CWE-3662021

CVE-2024-10630

HIGH

CVSS:7.8(High)

A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality.

CWE-3662024

CVE-2022-1729

HIGH

CVSS:7.0(High)

A race condition was found the Linux kernel in perf_event_open() which can be exploited by an unprivileged user to gain root privileges. The bug allows to build several exploit primitives such as kern...

CWE-3662022

CVE-2023-3218

MEDIUM

CVSS:6.5(Medium)

Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5.

CWE-3662023

CVE-2023-4127

MEDIUM

CVSS:6.5(Medium)

Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1.

CWE-3662023