Is there a public PoC exploit available for CVE-2025-6140?

Yes, a public proof-of-concept exploit is available for CVE-2025-6140. Prioritise patching immediately. EPSS: 0.0%.

How to fix or mitigate CVE-2025-6140?

During next maintenance window: Apply vendor patches when convenient. Verify denial of service controls are in place.

CVE-2025-6140

Q: What is the CVSS score of CVE-2025-6140?

CVE-2025-6140 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.0%.

EUVD-2025-18431 LOW

Uncontrolled Resource Consumption (CWE-400)

2025-06-16 cna@vuldb.com

Denial Of Service

1.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.9 LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Ubuntu

MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

3.3 (LOW) 1.9 (LOW)

EUVD ID Assigned

Mar 14, 2026 - 21:59 euvd

EUVD-2025-18431

Analysis Generated

Mar 14, 2026 - 21:59 vuln.today

Patch released

Mar 14, 2026 - 21:59 nvd

Patch available

PoC Detected

Jul 02, 2025 - 18:58 vuln.today

Public exploit code

CVE Published

Jun 16, 2025 - 22:16 nvd

LOW 3.3

DescriptionCVE.org

A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.2 is able to address this issue. The identifier of the patch is 10320184df1eb4638e253a34b1eb44ce78954094. It is recommended to upgrade the affected component.

Analysis

Vendor StatusVendor

Ubuntu

Priority: Medium

spdlog

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
upstream	released	1:1.15.2+ds-1
plucky	ignored	end of life, was needs-triage
oracular	ignored	end of life, was needs-triage
questing	not-affected	1:1.15.3+ds-1

Debian

spdlog

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	1:1.8.1+ds-2.1	-
bookworm	vulnerable	1:1.10.0+ds-0.4	-
trixie	fixed	1:1.15.2+ds-2	-
forky, sid	fixed	1:1.15.3+ds-1	-
(unstable)	fixed	1:1.15.2+ds-1	-

CVE-2025-6140 vulnerability details – vuln.today

Back

CVE-2025-6140

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code