CVE-2025-6499: vstakhov libucl ucl_parser.c ucl_parse_multiline_string heap-based overflow

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2025-6499

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

vstakhov libucl ucl_parser.c ucl_parse_multiline_string heap-based overflow

Source: NVD (National Vulnerability Database)

Vulnerability Description

A vulnerability classified as problematic was found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_parse_multiline_string of the file src/ucl_parser.c. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

堆缓冲区溢出

Source: NVD (National Vulnerability Database)

Vulnerability Title

libucl 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

libucl是Vsevolod Stakhov个人开发者的一个C语言通用配置库解析器。 libucl 0.9.2及之前版本存在安全漏洞，该漏洞源于src/ucl_parser.c文件中ucl_parse_multiline_string函数存在堆缓冲区溢出。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
vstakhov	libucl	0.9.0	-

II. Public POCs for CVE-2025-6499

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2025-6499

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: libucl

Same vendor: vstakhov

CVE-2025-11010
vstakhov libucl ucl_util.c ucl_include_common heap-based ove

Same weakness: CWE-122

V. Comments for CVE-2025-6499

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2025-6499

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2025-6499

III. Intelligence Information for CVE-2025-6499

IV. Related Vulnerabilities

V. Comments for CVE-2025-6499

Leave a comment