AZL-59497 CVE-2025-31115 affecting package xz for versions less than 5.4.4-2

🗓️ 03 Apr 2025 17:15:30Reported by GoogleType

osv🔗 osv.dev👁 3 Views

CVE-2025-31115: XZ Utilities older than five four four dash two crash in multithreaded decoder due to use after free; fix in five eight one.

Reporter	Title	Published	Views	Family All 81
IBM Security Bulletins	Security Bulletin: A denial-of-service attack, heap use after free, network server exploit, and other vulnerabilities might affect IBM Storage Defender - Resiliency Service	8 Jul 202517:32	–	ibm
FreeBSD	FreeBSD -- Use-after-free in multi-threaded xz decoder	2 Jul 202500:00	–	freebsd
AlpineLinux	CVE-2025-31115	3 Apr 202516:57	–	alpinelinux
AstraLinux	Astra Linux - уязвимость в xz-utils	16 Jun 202511:28	–	astralinux
Tenable Nessus	Azure Linux 3.0 Security Update: xz (CVE-2025-31115)	22 Jan 202600:00	–	nessus
Tenable Nessus	Debian dsa-5895 : liblzma-dev - security update	15 May 202500:00	–	nessus
Tenable Nessus	Fedora 41 : perl-Compress-Raw-Lzma / xz (2025-051becf4f2)	10 May 202500:00	–	nessus
Tenable Nessus	Fedora 40 : perl-Compress-Raw-Lzma / xz (2025-4871b31998)	10 May 202500:00	–	nessus
Tenable Nessus	FreeBSD : FreeBSD -- Use-after-free in multi-threaded xz decoder (7642ba72-5abf-11f0-87ba-002590c1f29c)	7 Jul 202500:00	–	nessus
Tenable Nessus	GLSA-202504-01 : XZ Utils: Use after free	5 Apr 202500:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-31115

21 Apr 2026 04:37Current

7High risk

Vulners AI Score7

CVSS 48.7

EPSS0.00041

SSVC