CVE-2025-5915

MEDIUM EPSS 5.5%
Published Jun 9, 20251y ago · Modified Jun 17, 20261w ago
6.6 CVSS 3.1
Medium
Find Similar
Published Jun 9, 2025 1y ago
Last Modified Jun 17, 2026 1w ago

Description

A vulnerability has been identified in the libarchive library. This flaw can lead to a heap buffer over-read due to the size of a filter block potentially exceeding the Lempel-Ziv-Storer-Schieber (LZSS) window. This means the library may attempt to read beyond the allocated memory buffer, which can result in unpredictable program behavior, crashes (denial of service), or the disclosure of sensitive information from adjacent memory regions.

CVSS Details

Base Score
6.6
Exploitability
1.3
Impact
5.2
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction Required
Scope Unchanged
Confidentiality High
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
5.5% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 1

CWE-122

Affected Products 7

VendorProductVersionRange
libarchivelibarchive* <3.8.0
redhatopenshift_container_platform4.0any
redhatenterprise_linux6.0any
redhatenterprise_linux7.0any
redhatenterprise_linux8.0any
redhatenterprise_linux9.0any
redhatenterprise_linux10.0any

References 4

  • access.redhat.com https://access.redhat.com/security/cve/CVE-2025-5915
    Vendor Advisory
  • bugzilla.redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2370865
    Issue Tracking
  • github.com https://github.com/libarchive/libarchive/pull/2599
    Patch
  • github.com https://github.com/libarchive/libarchive/releases/tag/v3.8.0
    Release Notes

Remediation

  • github.com https://github.com/libarchive/libarchive/pull/2599
    Patch