How to fix CVE-2025-6141?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Is Ubuntu affected by CVE-2025-6141?

CVE-2025-6141 is a low-severity vulnerability in GNU ncurses (CVSS 3.3). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation. Apply vendor updates when available as part of routine maintenance.

CVE-2025-6141

EUVD-2025-18429 LOW

2025-06-16 [email protected]

3.3

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

Analysis Generated

Mar 14, 2026 - 21:59 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 21:59 euvd

EUVD-2025-18429

CVE Published

Jun 16, 2025 - 22:16 nvd

LOW 3.3

Description

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.

Analysis

Technical Context

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state.

Affected Products

Affected: GNU ncurses

Remediation

Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +16

POC: 0

Vendor Status

Ubuntu

Priority: Low

ncurses

Release	Status	Version
noble	needs-triage	-
trusty	needs-triage	-
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
upstream	needs-triage	-
oracular	ignored	end of life, was needs-triage
questing	needs-triage	-
plucky	ignored	end of life, was needs-triage

Debian

Bug #1107937

ncurses

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	6.2+20201114-2+deb11u2	-
bookworm	vulnerable	6.4-4	-
trixie	vulnerable	6.5+20250216-2	-
forky, sid	fixed	6.6+20251231-1	-
experimental	fixed	6.5+20251115-1	-
(unstable)	fixed	6.5+20251115-2	-

CVE-2025-6141 vulnerability details – vuln.today

Back

CVE-2025-6141

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2025-6141

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Remediation

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code