CVE-2025-12183 HIGH

CVE-2025-12183: org.lz4:lz4-java - Out-of-Bounds Memory Access

Weakness CWE-125
Published November 28, 2025
Last update December 29, 2025

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity None

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

What the vulnerability does

Description

Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.

Key dates

Disclosure timeline

November 28, 2025 CVE published
December 29, 2025 Record updated