CVE-2025-6140

A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.2 is able to address this issue. The identifier of the patch is 10320184df1eb4638e253a34b1eb44ce78954094. It is recommended to upgrade the affected component.

CVSS v3 3.3 LOW
CVSS v2.0 1.7 LOW

3.3^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 1.4

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:S/C:N/I:N/A:P

Exploitability : 3.1 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
https://github.com/gabime/spdlog/commit/10320184df1eb4638e253a34b1eb44ce78954094
https://github.com/gabime/spdlog/issues/3360
https://github.com/gabime/spdlog/issues/3360#issuecomment-2729579422
https://github.com/gabime/spdlog/releases/tag/v1.15.2
https://vuldb.com/?ctiid.312609
https://vuldb.com/?id.312609
https://vuldb.com/?submit.592999
https://github.com/gabime/spdlog/issues/3360

Configurations

No configuration.

History

17 Jun 2025, 16:15

Type	Values Removed	Values Added
References	~~() https://github.com/gabime/spdlog/issues/3360 -~~	() https://github.com/gabime/spdlog/issues/3360 -
Summary		(es) Se encontró una vulnerabilidad clasificada como problemática en spdlog hasta la versión 1.15.1. Esta afecta a la función scoped_padder de la librería include/spdlog/pattern_formatter-inl.h. La manipulación provoca el consumo de recursos. Es posible lanzar el ataque contra el host local. Se ha hecho público el exploit y puede que sea utilizado. Actualizar a la versión 1.15.2 puede solucionar este problema. El identificador del parche es 10320184df1eb4638e253a34b1eb44ce78954094. Se recomienda actualizar el componente afectado.

16 Jun 2025, 22:16

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-16 22:16

Updated : 2025-06-17 20:50

NVD link : CVE-2025-6140

Mitre link : CVE-2025-6140

CVE.ORG link : CVE-2025-6140

JSON object : View

Products Affected

No product.

CWE

CWE-400

Uncontrolled Resource Consumption

CWE-404

Improper Resource Shutdown or Release

3.3 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

1.7 /10

Access Vector LOCAL

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2025-6140

3.3^/10

1.7^/10

Attach tags to `CVE-2025-6140`