QwikSec

Security Database

CVE

CWE

Training

CVE-2025-6140

Published: Jun 16, 2025

Modified: Jun 17, 2025

PUBLISHED

CVSS v3.1

3.3

LOW

Description

A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.2 is able to address this issue. The identifier of the patch is 10320184df1eb4638e253a34b1eb44ce78954094. It is recommended to upgrade the affected component.

Vendor	Product	Versions
n/a	spdlog	affected `1.15.0` affected `1.15.1` unaffected `1.15.2`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

References

VDB-312609 | spdlog pattern_formatter-inl.h scoped_padder resource consumption

vdb-entry

technical-description

VDB-312609 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #592999 | spdlog spdlog 1.15.1 (commit 3335c38) Uncontrolled Memory Allocation

third-party-advisory

https://github.com/gabime/spdlog/issues/3360

exploit

issue-tracking

https://github.com/gabime/spdlog/issues/3360#issuecomment-2729579422

issue-tracking

https://github.com/gabime/spdlog/commit/10320184df1eb4638e253a34b1eb44ce78954094

patch

https://github.com/gabime/spdlog/releases/tag/v1.15.2

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.