Use After Free in Tukaani-project Xz
CVE-2025-31115
XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects includ…
EPSS: 0.000 (12.8th percentile).
Affected products
- Tukaani-project Xz — versions >= 5.3.3alpha, < 5.8.1
Weakness classification (CWE)
Public proof-of-concept exploits
Frequently asked questions
- What is CVE-2025-31115?
- CVE-2025-31115 is a vulnerability in Tukaani-project Xz, classified under Race Condition within a Thread. Published 2025-04-03.
- Is CVE-2025-31115 known to be exploited?
- 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.