Home > Vulnerability Database > CVE-2025-6140

Mend.io Vulnerability Database

CVE-2025-6140

Good to know:

Date: June 16, 2025

A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.2 is able to address this issue. The identifier of the patch is 10320184df1eb4638e253a34b1eb44ce78954094. It is recommended to upgrade the affected component.

Severity Score

6.2

Related Resources (10)

Url: https://github.com/gabime/spdlog/releases/tag/v1.15.2

Url: https://security-tracker.debian.org/tracker/CVE-2025-6140

Url: https://github.com/gabime/spdlog/issues/3360

Url: https://vuldb.com/?submit.592999

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-6140

Url: https://github.com/gabime/spdlog/commit/10320184df1eb4638e253a34b1eb44ce78954094

Url: https://vuldb.com/?ctiid.312609

Url: https://github.com/gabime/spdlog/issues/3360#issuecomment-2729579422

Url: https://vuldb.com/?id.312609

Url: https://www.mend.io/vulnerability-database/CVE-2025-6140

Severity Score

6.2

Weakness Type (CWE)

Improper Resource Shutdown or Release

CWE-404

Uncontrolled Resource Consumption

CWE-400

Top Fix

Upgrade Version

Upgrade to version https://github.com/gabime/spdlog.git - v1.15.2

Learn More

CVSS v3.1

Base Score:	6.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-6140

Good to know:

Date: June 16, 2025

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?