Cyber Resilience

CVE-2025-15570

Severity: Low · Public PoC available

Published: 10 February 2026
Modified: 06 May 2026
KEV Added: not listed
Patch: none available
CVSS v4.0 score: 1.9 (Low); vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS score: 0.0001 (1.1st percentile)
Risk priority: 4 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-15570 is a low-severity Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) vulnerability in ckolivas lrzip. Its CVSS v4.0 base score is 1.9 (Low).

Operationally, its EPSS score ranks it at the 1.1st percentile for exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and CM-7 (Least Functionality).

Deeper analysis

CVE-2025-15570 is a use-after-free vulnerability (CWE-416, CWE-119) in ckolivas lrzip versions up to and including 0.651, affecting the lzma_decompress_buf function in stream.c. The issue arises from improper memory handling during decompression. It carries a CVSS v3.1 base score of 5.3 (AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) and was published on 2026-02-10.

Exploitation requires local access with low privileges: an attacker who can supply input to the affected function can trigger the use-after-free condition. Successful exploitation could result in limited disclosure of sensitive information, modification of data, or denial of service; impact is confined because the vector involves no privilege escalation and no scope change (S:U). A proof-of-concept exploit is publicly available.

No patches or official mitigations are available: the project maintainers were notified early via GitHub issue #262 but have not responded. Security practitioners should monitor the lrzip repository for updates and avoid feeding untrusted input to lrzip decompression in local environments. The public PoC increases the risk of targeted local attacks.


Vulnerability details

A vulnerability was found in ckolivas lrzip up to 0.651. This impacts the function lzma_decompress_buf of the file stream.c. Performing a manipulation results in use after free. Attacking locally is a requirement. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.


Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated mapping)

Insufficient information to map techniques.
Confidence: LOW · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-3847 (shared: CWE-119, CWE-416)
CVE-2026-2660 (shared: CWE-119, CWE-416)
CVE-2026-1144 (shared: CWE-119, CWE-416)
CVE-2025-15538 (shared: CWE-119, CWE-416)
CVE-2026-7322 (shared: CWE-119, CWE-416)
CVE-2026-23111 (shared: CWE-416)
CVE-2026-8511 (shared: CWE-416)
CVE-2026-9970 (shared: CWE-416)
CVE-2026-9932 (shared: CWE-416)
CVE-2026-31530 (shared: CWE-416)

Affected Assets

ckolivas lrzip ≤ 0.651

Mitigating Controls (NIST 800-53 r5, AI-generated mapping)

prevent (SI-16 Memory Protection): Directly enforces memory protection mechanisms that block exploitation of the use-after-free condition in lzma_decompress_buf.

prevent (input validation): Requires validation of untrusted input before it reaches the vulnerable decompression routine in stream.c.

prevent (CM-7 Least Functionality): Restricts installation or execution of the vulnerable lrzip binary (or its lzma feature) to reduce attack surface until a fix is available.
