High severity · OSV Advisory · Published Nov 28, 2025 · Updated Apr 15, 2026
CVE-2025-12183
Description
Out-of-bounds memory operations in org.lz4:lz4-java 1.8.0 and earlier allow remote attackers to cause denial of service and read adjacent memory via untrusted compressed input.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| at.yawk.lz4:lz4-java (Maven) | < 1.8.1 | 1.8.1 |
| org.lz4:lz4-java (Maven) | < 1.8.1 | 1.8.1 |
| org.lz4:lz4-pure-java (Maven) | <= 1.8.0 | — |
| net.jpountz.lz4:lz4 (Maven) | <= 1.3.0 | — |
Affected products
References
- github.com/advisories/GHSA-vqf4-7m7x-wgfc (source: ghsa, type: ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-12183 (source: ghsa, type: ADVISORY)
- www.openwall.com/lists/oss-security/2025/12/01/5 (source: nvd, type: WEB)
- github.com/yawkat/lz4-java/releases/tag/v1.8.1 (source: nvd, type: WEB)
- sites.google.com/sonatype.com/vulnerabilities/cve-2025-12183 (source: ghsa, type: WEB)
- www.sonatype.com/security-advisories/cve-2025-12183 (source: nvd, type: WEB)