CVE-2025-6499 MEDIUM

CVE-2025-6499: vstakhov libucl ucl_parser.c ucl_parse_multiline_string heap-based overflow

Vendor Vstakhov
Product libucl
Weakness CWE-122
Published June 23, 2025
Last update June 23, 2025

CVSS base score

4.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

A vulnerability classified as problematic was found in vstakhov libucl up to 0.9.2. It affects the function ucl_parse_multiline_string in the file src/ucl_parser.c. Manipulating its input leads to a heap-based buffer overflow. The attack requires local access. The exploit has been disclosed to the public and may be used.

Key dates

02 Disclosure timeline

June 23, 2025 CVE published
June 23, 2025 Record updated