Is there a public PoC exploit available for EUVD-2025-18796?

Yes, a public proof-of-concept exploit is available for EUVD-2025-18796. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate EUVD-2025-18796?

During next maintenance window: Apply vendor patches when convenient. Vendor patch is available.

EUVD-2025-18796

Q: What is the CVSS score of EUVD-2025-18796?

EUVD-2025-18796 has a CVSS 4.0 base score of 1.9 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

| CVE-2025-6375 LOW

Improper Resource Shutdown or Release (CWE-404)

2025-06-21 cna@vuldb.com

Denial Of Service

1.9

CVSS 4.0 · NVD

Severity by source

NVD PRIMARY

1.9 LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Ubuntu

MEDIUM

qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Lifecycle Timeline

CVSS changed

Apr 29, 2026 - 01:11 NVD

3.3 (LOW) 1.9 (LOW)

EUVD ID Assigned

Mar 15, 2026 - 21:35 euvd

EUVD-2025-18796

Analysis Generated

Mar 15, 2026 - 21:35 vuln.today

Patch released

Mar 15, 2026 - 21:35 nvd

Patch available

PoC Detected

Sep 18, 2025 - 13:38 vuln.today

Public exploit code

CVE Published

Jun 21, 2025 - 01:15 nvd

LOW 3.3

DescriptionCVE.org

A vulnerability was found in poco up to 1.14.1. It has been rated as problematic. Affected by this issue is the function MultipartInputStream of the file Net/src/MultipartReader.cpp. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 1.14.2 is able to address this issue. The patch is identified as 6f2f85913c191ab9ddfb8fae781f5d66afccf3bf. It is recommended to upgrade the affected component.

Analysis

Vendor StatusVendor

Ubuntu

Priority: Medium

poco

Release	Status	Version
plucky	ignored	end of life, was needs-triage
upstream	needs-triage	-
trusty	needs-triage	-
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
oracular	ignored	end of life, was needs-triage
questing	needs-triage	-

Debian

Bug #1108157

poco

Release	Status	Fixed Version	Urgency
bullseye	vulnerable	1.10.0-6+deb11u1	-
bullseye (security)	vulnerable	1.10.0-6+deb11u2	-
bookworm	vulnerable	1.11.0-3+deb12u1	-
trixie	vulnerable	1.13.0-6	-
forky, sid	fixed	1.14.2-3	-
experimental	fixed	1.14.2-1	-
(unstable)	fixed	1.14.2-2	-

EUVD-2025-18796 vulnerability details – vuln.today

Back

EUVD-2025-18796

Severity by source

CVSS VectorNVD

Lifecycle Timeline

DescriptionCVE.org

Analysis

Vendor StatusVendor

Ubuntu

Debian

Share

External POC / Exploit Code