CSIRTS // UNIFIED SECURITY ADVISORY FEEDSYS ● ONLINE · POWERED BY INTELFUSIONS.COM

CVE-2025-31115

criticalcovered by 1 sourcefirst seen 2026-06-30
View CSAF Summary An update is available that resolves vulnerability in the product versions listed as affected in the advisory. An attacker who successfully exploited this vulnerability could cause the product to stop or corrupt memory data. The following versions of XZ Utils vulnerability impacting B&R Products are affected: PPC3100 <1.8.1, 1.8.1 (CVE-2025-31115) C50 <1.8.0, 1.8.0 (CVE-2025-31115) C80 <1.8.0, 1.8.0 (CVE-2025-31115) FT50 <1.8.1, 1.8.1 (CVE-2025-31115) MT50 <1.8.1, 1.8.1 (CVE-2025-31115) T30 <1.8.0, 1.8.0 (CVE-2025-31115) T80 <1.8.0, 1.8.0 (CVE-2025-31115) T50 <1.8.1, 1.8.1 (CVE-2025-31115) CVSS Vendor Equipment Vulnerabilities v3 7.5 B&R Industrial Automation GmbH XZ Utils vulnerability impacting B&R Products Race Condition within a Thread Background Critical Infrastructure Sectors: Critical Manufacturing Countries/Areas Deployed: Worldwide Company Headquarters Location: Switzerland Vulnerabilities Expand All + CVE-2025-31115 XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an address based on the null pointer plus an offset. Applications and libraries that use the lzma_stream_decoder_mt function are affected. The bug has been fixed in XZ Utils 5.8.1, and the fix has been committed to the v5.4, v5.6, v5.8, and master branches in the xz Git repository. No new release packages will be made from the old stable branches, but a standalone patch is available that applies to all affected releases. View CVE Details Affected Products XZ Utils vulnerability impacting B&R Products Vendor: B&R Industrial Automation GmbH Product Version: B&R Industrial Automation GmbH PPC3100 <1.8.1, B&R Industrial Automation GmbH C50 <1.8.0, B&R Industrial Automation GmbH C80 <1.8.0, B&R Industrial Automation GmbH FT50 <1.8.1, B&R Industrial Automation G

CSIRTS triage

vendor: B&R Industrial Automation GmbHproduct: XZ UtilsOtheraffected: <1.8.1 for PPC3100, C50, FT50; <1.8.0 for C80, T30, T80; <1.8.1 for T50
What
A vulnerability could cause the product to stop or corrupt memory data.
Who is affected
Users of affected B&R products utilizing XZ Utils.
Urgency
Remediation is critical due to the potential for significant operational impact.
Action
Update to the specified versions or later.

AI-assisted analysis generated from the source advisory — verify against the original.

⚡ Watch CVE-2025-31115

Get an email if CVE-2025-31115 is added to CISA KEV, gains public exploit code, or a new advisory cites it — max one per day, one-click unsubscribe.

Exploitation outlook

Advisory coverage (1)

External references

NVD record for CVE-2025-31115

CVE.org record

Embed the live status

CVE-2025-31115 live status badge — this badge updates automatically when the KEV or exploit status changes. How to embed it →

[![CVE-2025-31115 status](https://www.csirts.com/badge/CVE-2025-31115)](https://www.csirts.com/cve/CVE-2025-31115)