CVE-2025-9396

low-risk
Published 2025-08-24

A security flaw has been discovered in ckolivas lrzip up to 0.651. This impacts the function __GI_____strtol_l_internal of the file strtol_l.c. Performing manipulation results in null pointer dereference. The attack is only possible with local access. The exploit has been released to the public and may be exploited.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10 Low
LOCAL / LOW complexity

Affected Products (1)

Lrzip

Affected Vendors

Ckolivas

References (7)

Exploit https://drive.google.com/file/d/1EFbiiM1d7Ozb0ucZt6zRO3ngU8ugUnCn/view?usp=shari...
Exploit https://github.com/ckolivas/lrzip/issues/264
Permissions Required https://vuldb.com/?ctiid.321232
Third Party Advisory https://vuldb.com/?id.321232
Exploit https://vuldb.com/?submit.632368
Exploit https://github.com/ckolivas/lrzip/issues/264
Exploit https://vuldb.com/?submit.632368
18
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal