CVE-2025-31115
View CSAF Summary An update is available that resolves vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or corrupt memory data. The following versions of XZ Utils vulnerability impacting B&R Products are affected: PPC3100 <1.8.1, 1.8.1 (CVE-2025-31115) C50 <1.8.0, 1.8.0 (CVE-2025-31115) C80 <1.8.0, 1.8.0 (CVE-2025-31115) FT50 <1.8.1, 1.8.1 (CVE-2025-31115) MT50 <1.8.1, 1.8.1 (CVE-2025-31115) T30 <1.8.0, 1.8.0 (CVE-2025-31115) T80 <1.8.0, 1.8.0 (CVE-2025-31115) T50 <1.8.1, 1.8.1 (CVE-2025-31115) CVSS Vendor Equipment Vulnerabilities v3 7.5 B&R Industrial Automation GmbH XZ Utils vulnerability impacting B&R Products Race Condition within a Thread Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2025-31115 XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases. View CVE Details Affected Products XZ Utils vulnerability impacting B&R Products Vendor: B&R Industrial Automation GmbH Product Version: B&R Industrial Automation GmbH PPC3100 <1.8.1, B&R Industrial Automation GmbH C50 <1.8.0, B&R Industrial Automation GmbH C80 <1.8.0, B&R Industrial Automation GmbH FT50 <1.8.1, B&R Industrial Automation G
CSIRTS triage
- What
- A vulnerability could cause the product to stop or corrupt memory data.
- Who is affected
- Users of affected B&R products utilizing XZ Utils.
- Urgency
- Remediation is critical due to the potential for significant operational impact.
- Action
- Update to the specified versions or later.
AI-assisted analysis generated from the source advisory — verify against the original.
⚡ Watch CVE-2025-31115
Get an email if CVE-2025-31115 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.
Exploitation outlook
- Low exploitation risk0.65% 30-day exploitation probability — currently an unlikely target, but scores change as exploit code circulates. Riskier than 47% of all EPSS-scored CVEs.
Advisory coverage (1)
- criticalXZ Utils vulnerability impacting B&R Productscisa · 2026-06-30
External references
Embed the live status
— this badge updates automatically when the KEV or exploit status changes. How to embed it →
[](https://www.csirts.com/cve/CVE-2025-31115)