CVE-2025-6490

| EUVD-2025-18911 LOW
2025-06-22 [email protected]
3.3
CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

4
Patch Released
Mar 31, 2026 - 21:13 nvd
Patch available
Analysis Generated
Mar 15, 2026 - 21:55 vuln.today
EUVD ID Assigned
Mar 15, 2026 - 21:55 euvd
EUVD-2025-18911
CVE Published
Jun 22, 2025 - 19:15 nvd
LOW 3.3

Tags

Buffer Overflow Ubuntu Debian

Description

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.

Analysis

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The identifier of the patch is ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.

Technical Context

A buffer overflow occurs when data written to a buffer exceeds its allocated size, potentially overwriting adjacent memory and corrupting program state.

Remediation

Use memory-safe languages or bounds-checked functions. Enable ASLR, DEP/NX, and stack canaries. Apply vendor patches promptly.

Priority Score

17
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +16
POC: 0

Vendor Status

Ubuntu

Priority: Medium
ruby-nokogiri
Release Status Version
bionic not-affected code not present
focal not-affected code not present
jammy not-affected code not present
noble not-affected code not present
oracular not-affected code not present
plucky not-affected code not present
trusty not-affected code not present
upstream not-affected code not present
xenial not-affected code not present

Debian

ruby-nokogiri
Release Status Fixed Version Urgency
bullseye fixed 1.11.1+dfsg-2 -
bullseye (security) fixed 1.11.1+dfsg-2+deb11u1 -
bookworm fixed 1.13.10+dfsg-2 -
trixie fixed 1.18.2+dfsg-1 -
forky fixed 1.18.10+dfsg-3 -
sid fixed 1.19.1+dfsg-1 -
(unstable) not-affected - -

Share

CVE-2025-6490 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy