CVE-2025-15571 is a vulnerability identified in the lrzip compression tool developed by ckolivas, specifically affecting version 0.651. The issue resides in the ucompthread function within the stream.c source file, where improper handling leads to a NULL pointer dereference. This occurs when the function attempts to access or manipulate memory through a pointer that has not been properly initialized or has been set to NULL, resulting in a crash of the lrzip process. The vulnerability requires local access with low privileges, meaning an attacker must have some level of access to the host system to exploit it. No authentication or user interaction is necessary beyond having local access. The impact is primarily a denial of service (DoS) condition, as the application terminates unexpectedly due to the crash. The vulnerability does not affect confidentiality or integrity, nor does it allow privilege escalation or remote code execution. The vulnerability was responsibly disclosed to the project maintainers, but as of the publication date, no patch or fix has been released. Public disclosure of the exploit details increases the risk of exploitation in environments where lrzip is used and local access is possible. The CVSS 4.0 base score is 4.8, reflecting a medium severity rating due to the limited attack vector and impact scope.

The primary impact of CVE-2025-15571 is denial of service through application crashes when the vulnerable function is triggered. For organizations, this can disrupt workflows that rely on lrzip for data compression and decompression, potentially causing delays or failures in data processing pipelines. Since exploitation requires local access, the threat is mainly to multi-user systems where untrusted or less privileged users have shell or terminal access. In such environments, an attacker could intentionally crash lrzip processes to interrupt services or data handling tasks. The vulnerability does not lead to data breaches, privilege escalation, or remote compromise, limiting its overall risk. However, in critical systems where lrzip is integrated into automated backup or archival processes, repeated crashes could degrade system reliability and availability. The lack of a patch increases exposure time, and public exploit disclosure may encourage opportunistic attacks in poorly secured environments.

Organizations should restrict local access to systems running lrzip, ensuring only trusted users have shell or terminal privileges. Monitoring and alerting on lrzip process crashes can help detect exploitation attempts early. Until a patch is released, consider replacing lrzip with alternative compression tools that do not have this vulnerability, especially in critical environments. If lrzip usage is mandatory, running it within isolated containers or sandboxes can limit the impact of crashes. Regularly check for updates from the lrzip project or community for patches addressing this issue. Additionally, implement strict user privilege management and auditing to reduce the risk of local exploitation. Document and communicate the vulnerability internally to raise awareness among system administrators and users with local access.