CVE-2025-6490

CVSS v3.1

3.3

Low

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions: sparklemotion nokogiri versions up to 1.18.7

Description: A problem was found in the function hashmap set with hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Recommendations: To fix this issue, apply a patch with the identifier ada4708e5a67114402cd3feb70a4e1d1d7cf773a. As a temporary workaround, consider disabling the hashmap set with hash function until a patch is available. Restrict access to the gumbo-parser/src/hashmap.c file to minimize the risk of exploitation. Avoid using the hashmap set with hash function in the affected code until the issue is resolved.

Exploit

Fix

Buffer Overflow

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-122

Related Identifiers

CVE-2025-6490

GHSA-PF9W-GVCF-GV7M

Affected Products

Debian

Nokogiri

CVE-2025-6490

Weakness Enumeration

Related Identifiers

Affected Products

References · 19