CVE-2025-6140

Exploit

EPSS 0.2%
Veröffentlicht 16.06.2025 21:31:06
Zuletzt bearbeitet 29.04.2026 01:00:01
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

spdlog pattern_formatter-inl.h scoped_padder resource consumption

A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.2 is able to address this issue. The identifier of the patch is 10320184df1eb4638e253a34b1eb44ce78954094. It is recommended to upgrade the affected component.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 10

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gabime ≫ Spdlog Version < 1.15.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.096

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	1.9	0	0	CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
cna@vuldb.com	1.7	3.1	2.9	AV:L/AC:L/Au:S/C:N/I:N/A:P

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CWE-404 Improper Resource Shutdown or Release

The product does not release or incorrectly releases a resource before it is made available for re-use.

https://vuldb.com/?id.312609

Third Party Advisory

VDB Entry

https://vuldb.com/?ctiid.312609

VDB Entry

Permissions Required

https://vuldb.com/?submit.592999

Third Party Advisory

VDB Entry

https://github.com/gabime/spdlog/issues/3360

Exploit

Issue Tracking

https://github.com/gabime/spdlog/issues/3360#issuecomment-2729579422

Exploit

Issue Tracking

https://github.com/gabime/spdlog/commit/10320184df1eb4638e253a34b1eb44ce78954094

Patch

https://github.com/gabime/spdlog/releases/tag/v1.15.2

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2025-6140

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-6140

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-6140

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-6140