CVE-2025-6140 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2025-6140 Interim 1 3 2025-11-01T01:03:40Z current 2025-06-17T23:18:54Z 2025-11-01T01:03:40Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2025-6140 A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.2 is able to address this issue. The identifier of the patch is 10320184df1eb4638e253a34b1eb44ce78954094. It is recommended to upgrade the affected component. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 15 SP6 openSUSE Leap 15.6 openSUSE Tumbleweed libspdlog1_11-1.11.0-bp156.3.3.1 libspdlog1_11-64bit-1.11.0-bp156.3.3.1 libspdlog1_15-1.15.3-2.1 libspdlog1_15-32bit-1.15.3-2.1 spdlog spdlog-devel spdlog-devel-1.11.0-bp156.3.3.1 spdlog-devel-1.15.3-2.1 libspdlog1_11-1.11.0-bp156.3.3.1 as a component of SUSE Package Hub 15 SP6 libspdlog1_11-64bit-1.11.0-bp156.3.3.1 as a component of SUSE Package Hub 15 SP6 spdlog-devel-1.11.0-bp156.3.3.1 as a component of SUSE Package Hub 15 SP6 libspdlog1_11-1.11.0-bp156.3.3.1 as a component of openSUSE Leap 15.6 libspdlog1_11-64bit-1.11.0-bp156.3.3.1 as a component of openSUSE Leap 15.6 spdlog-devel-1.11.0-bp156.3.3.1 as a component of openSUSE Leap 15.6 libspdlog1_15-1.15.3-2.1 as a component of openSUSE Tumbleweed libspdlog1_15-32bit-1.15.3-2.1 as a component of openSUSE Tumbleweed spdlog-devel-1.15.3-2.1 as a component of openSUSE Tumbleweed spdlog-devel as a component of openSUSE Leap 15.6 spdlog as a component of openSUSE Leap 15.6 A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 1.15.2 is able to address this issue. The identifier of the patch is 10320184df1eb4638e253a34b1eb44ce78954094. It is recommended to upgrade the affected component. CVE-2025-6140 SUSE Package Hub 15 SP6:libspdlog1_11-1.11.0-bp156.3.3.1 SUSE Package Hub 15 SP6:libspdlog1_11-64bit-1.11.0-bp156.3.3.1 SUSE Package Hub 15 SP6:spdlog-devel-1.11.0-bp156.3.3.1 openSUSE Leap 15.6:libspdlog1_11-1.11.0-bp156.3.3.1 openSUSE Leap 15.6:libspdlog1_11-64bit-1.11.0-bp156.3.3.1 openSUSE Leap 15.6:spdlog-devel-1.11.0-bp156.3.3.1 openSUSE Tumbleweed:libspdlog1_15-1.15.3-2.1 openSUSE Tumbleweed:libspdlog1_15-32bit-1.15.3-2.1 openSUSE Tumbleweed:spdlog-devel-1.15.3-2.1 openSUSE Leap 15.6:spdlog openSUSE Leap 15.6:spdlog-devel moderate 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L