Vulnerabilities

CVE-2025-66566 - yawkat LZ4 Java has a possible information leak in Java safe decompressor

2025-12-05 0 views admin

CVE ID : CVE-2025-66566 Published : Dec. 5, 2025, 6:15 p.m. | 47 minutes ago Description : yawkat LZ4 Java provides LZ4 compression for Java. Insufficient clearing of the output buffer in Java-based decompressor implementations in lz4-java 1.10.0 and earlier allows remote attackers to read previous buffer contents via crafted compressed input. In applications where the output buffer is reused without being cleared, this may lead to disclosure of sensitive data. JNI-based implementations are not affected. This vulnerability is fixed in 1.10.1. Severity: 8.2 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2025-66566

Severity

HIGH

Published

Dec. 5, 2025

Affected Product: Java

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2025-66566highjava

CVE-2025-66566 - yawkat LZ4 Java has a possible information leak in Java safe decompressor

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-14672 - gmg137 snap7-rs s7_micro_client.cpp opWriteArea heap-based overflow

CVE-2025-14674 - aizuda snail-job QLExpressEngine.java QLExpressEngine.doEval injection

CVE-2025-14673 - gmg137 snap7-rs client.rs as_ct_write heap-based overflow

CVE-2025-14665 - Tenda WH450 HTTP Request DhcpListClient stack-based overflow

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting