CVE-2025-6494

3.3 LOW
Published: June 22, 2025 Modified: April 29, 2026
View on NVD

Description

A vulnerability was found in sparklemotion nokogiri c29c920907366cb74af13b4dc2230e9c9e23b833. It has been classified as problematic. This affects the function hashmap_get_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. The patch is named ada4708e5a67114402cd3feb70a4e1d1d7cf773a. It is recommended to apply a patch to fix this issue. The project maintainer explains that the affected code was merged into the main branch but the commit never appeared in an official release.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/sparklemotion/nokogiri/commit/ada4708e5a67114402cd3feb70a4e1d1d7cf773a
Source: cna@vuldb.com
https://github.com/sparklemotion/nokogiri/issues/3508
Source: cna@vuldb.com
https://github.com/sparklemotion/nokogiri/pull/3524
Source: cna@vuldb.com
https://github.com/user-attachments/files/19825279/nokogiri_crash_2.txt
Source: cna@vuldb.com
https://vuldb.com/?ctiid.313611
Source: cna@vuldb.com
https://vuldb.com/?id.313611
Source: cna@vuldb.com
https://vuldb.com/?submit.601006
Source: cna@vuldb.com

7 reference(s) from NVD

Quick Stats

CVSS v3 Score
3.3 / 10.0
EPSS (Exploit Probability)
0.1%
21th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-119 CWE-122

Related CVEs

CVE-2026-42615 7.2
CVE-2026-23773 4.3
CVE-2026-40560 N/A
CVE-2026-7363 N/A
CVE-2026-7361 N/A