VDB
CVE-2025-31115
CVE-2025-31115
PUBLISHED
CVSS 7.5 HIGH
XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases.
EPSS 0.04% · 13.2th percentile
Risk Scores
CVSS v3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
0.04%
13.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| ABB | B&R Industrial Automation GmbH MT50 <1.8.1 | |
| ABB | B&R Industrial Automation GmbH C80 <1.8.0 | |
| ABB | B&R Industrial Automation GmbH FT50 <1.8.1 | |
| ABB | B&R Industrial Automation GmbH T80 <1.8.0 | |
| ABB | B&R Industrial Automation GmbH PPC3100 <1.8.1 | |
| ABB | B&R Industrial Automation GmbH T30 <1.8.0 | |
| ABB | B&R Industrial Automation GmbH C50 <1.8.0 | |
| ABB | B&R Industrial Automation GmbH T50 <1.8.1 |
Timeline
- Jan 21, 1970 Security Advisory
- Apr 3, 2025 CVE Published
- Apr 4, 2025 EPSS Score
- Apr 17, 2025 EPSS Score
- Apr 30, 2025 EPSS Score
- May 12, 2025 EPSS Score
- May 25, 2025 EPSS Score
- Jun 7, 2025 EPSS Score
- Jun 7, 2025 Coalition ESS Score
- Jun 20, 2025 EPSS Score
- Jul 2, 2025 EPSS Score
- Jul 15, 2025 EPSS Score
References
- https://psirt.abb.com/csaf/2026/sa26p009.json advisory
- https://br-cws-assets.de-fra-1.linodeobjects.com/SA26P009-b2b4dd6d.pdf advisory
- https://www.br-automation.com/fileadmin/Cyber_Security_-_Defense_in_Depth_for_BR_Products-bdd37e82.pdf advisory
- https://nvd.nist.gov/vuln/detail/CVE-2025-31115 advisory