Resource Consumption Vulnerability in spdlog Library by Gabime
CVE-2025-6140

4.8MEDIUM

Key Information:

Vendor

Gabime

Status
Spdlog
Vendor
CVE Published:
16 June 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-6140?

A resource consumption vulnerability exists in the spdlog library versions up to 1.15.1, specifically linked to the scoped_padder function defined in pattern_formatter-inl.h. Exploitation of this vulnerability could allow an attacker to manipulate resource management when executed on a local host, potentially leading to denial of service due to excessive resource usage. The issue has been disclosed publicly, highlighting the importance of upgrading to version 1.15.2, which addresses the identified vulnerabilities. Users are urged to implement the patch (commit identifier: 10320184df1eb4638e253a34b1eb44ce78954094) promptly to mitigate risks.

Affected Version(s)

spdlog 1.15.0

spdlog 1.15.1

spdlog 1.15.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-6140 - Proof of Concept

References

https://vuldb.com/?id.312609
vdb-entrytechnical-description
https://vuldb.com/?ctiid.312609
signaturepermissions-required
https://vuldb.com/?submit.592999
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

JJLeo (VulDB User)
.
CVE-2025-6140 : Resource Consumption Vulnerability in spdlog Library by Gabime