Which versions of Lrzip are affected by CVE-2025-15570?

Organizations using ckolivas lrzip should be aware of moderate risk from CVE-2025-15570, a buffer overflow vulnerability rated CVSS 5.3.

Is there a public PoC exploit available for CVE-2025-15570?

Yes, a public proof-of-concept exploit is available for CVE-2025-15570. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-15570?

Within 30 days: Identify affected systems running ckolivas lrzip and apply vendor patches as part of regular patch cycle. Monitor vendor channels for patch availability.

Lrzip CVE-2025-15570

Q: What is the CVSS score of CVE-2025-15570?

CVE-2025-15570 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

LOW

Buffer Overflow (CWE-119)

2026-02-10 cna@vuldb.com

Buffer Overflow Denial Of Service Lrzip

1.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.9 LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

SUSE

4.3 MEDIUM

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

Severity Changed

Apr 29, 2026 - 01:11 NVD

MEDIUM LOW

CVSS changed

Apr 29, 2026 - 01:11 NVD

5.3 (MEDIUM) 1.9 (LOW)

Analysis Generated

Mar 12, 2026 - 22:02 vuln.today

PoC Detected

Feb 27, 2026 - 18:13 vuln.today

Public exploit code

CVE Published

Feb 10, 2026 - 14:16 nvd

MEDIUM 5.3

DescriptionCVE.org

A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. [CVSS 5.3 MEDIUM]

Technical ContextAI

Classified as CWE-119 (Buffer Overflow). Affects Lrzip. A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

RemediationAI

Monitor vendor advisories for a patch. Enable ASLR, DEP/NX, and stack canaries where possible.

Vendor StatusVendor

SUSE

Severity: Medium

CVE-2025-15570 vulnerability details – vuln.today

Back

Lrzip CVE-2025-15570

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

AnalysisAI

Technical ContextAI

RemediationAI

Vendor StatusVendor

SUSE

Share

External POC / Exploit Code