CVE-2025-15570 identifies a use-after-free vulnerability in the lrzip compression tool maintained by ckolivas, specifically affecting version 0.651. The vulnerability exists in the lzma_decompress_buf function within the stream.c source file. During decompression, improper memory management leads to a use-after-free condition, where memory is accessed after being freed, potentially causing memory corruption. This can be leveraged by a local attacker with limited privileges to execute arbitrary code or cause denial of service by crashing the application. The attack vector is local, requiring the attacker to have access to the system and the ability to manipulate lrzip decompression inputs. No user interaction is needed, and the attack complexity is low, but privileges are required. The vulnerability was responsibly disclosed early to the project, but no patch or official response has been provided yet. The CVSS v4.0 score is 4.8 (medium severity), reflecting limited impact due to local attack requirements and partial impact on confidentiality, integrity, and availability. No known exploits in the wild have been reported, but a public exploit is available, increasing the risk of exploitation. The vulnerability affects only version 0.651 of lrzip, a compression tool used primarily in Linux and Unix-like environments for efficient compression of large files.

The primary impact of CVE-2025-15570 is on systems running lrzip version 0.651, where a local attacker can exploit the use-after-free flaw to cause memory corruption. This can lead to denial of service by crashing the lrzip process or potentially allow escalation of privileges or arbitrary code execution if the attacker can craft malicious compressed files. Since exploitation requires local access and privileges, remote exploitation is not feasible, limiting the scope of impact. However, on multi-user systems or shared environments where lrzip is used, this vulnerability could be leveraged by a malicious user to disrupt services or escalate privileges. The confidentiality, integrity, and availability of affected systems could be compromised to a limited extent. Organizations relying on lrzip for backup, archival, or data compression in Linux environments may face operational disruptions or security breaches if exploited. The lack of an official patch increases exposure time, and the public availability of an exploit raises the risk of opportunistic attacks.

To mitigate CVE-2025-15570, organizations should first avoid using lrzip version 0.651 until a patched version is released. If lrzip is essential, restrict its usage to trusted users only and enforce strict access controls to prevent unprivileged users from executing or manipulating lrzip decompression. Employ application sandboxing or containerization to isolate lrzip processes and limit the impact of potential exploitation. Monitor system logs for abnormal lrzip crashes or suspicious activity indicative of exploitation attempts. Consider using alternative compression tools that do not have this vulnerability. If possible, conduct code audits or backport fixes from upstream if the project remains unresponsive. Maintain up-to-date backups and implement system integrity monitoring to detect unauthorized changes resulting from exploitation. Finally, stay informed about vendor updates or community patches addressing this vulnerability.