Vulnerability Description
A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.2 is able to address this issue. The identifier of the patch is 10320184df1eb4638e253a34b1eb44ce78954094. It is recommended to upgrade the affected component.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gabime | Spdlog | < 1.15.2 |
Related Weaknesses (CWE)
References
- https://github.com/gabime/spdlog/commit/10320184df1eb4638e253a34b1eb44ce78954094Patch
- https://github.com/gabime/spdlog/issues/3360ExploitIssue Tracking
- https://github.com/gabime/spdlog/issues/3360#issuecomment-2729579422ExploitIssue Tracking
- https://github.com/gabime/spdlog/releases/tag/v1.15.2Release Notes
- https://vuldb.com/?ctiid.312609Permissions RequiredVDB Entry
- https://vuldb.com/?id.312609Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.592999Third Party AdvisoryVDB Entry
- https://github.com/gabime/spdlog/issues/3360ExploitIssue Tracking
FAQ
What is CVE-2025-6140?
CVE-2025-6140 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation ...
How severe is CVE-2025-6140?
CVE-2025-6140 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-6140?
Check the references section above for vendor advisories and patch information. Affected products include: Gabime Spdlog.