CVE-2025-6490 – Nokogiri Heap-Based Buffer Overflow Vulnerability

June 22, 2025

CVE ID : CVE-2025-6490

Published : June 22, 2025, 7:15 p.m. | 5 hours, 39 minutes ago

Description : A vulnerability was found in sparklemotion nokogiri up to 1.18.7 and classified as problematic. This issue affects the function hashmap_set_with_hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-6492 – MarkText Regular Expression Complexity Remote Vulnerability

Next Article CVE-2025-6489 – iSourcecode Agri-Trading Online Shopping System SQL Injection Vulnerability

Google’s Agent2Agent protocol finds new home at the Linux Foundation

Decoding The SVG path Element: Curve And Arc Commands

This week in AI dev tools: Gemini 2.5 Pro and Flash GA, GitHub Copilot Spaces, and more (June 20, 2025)

Gemini 2.5 Pro and Flash are generally available and Gemini 2.5 Flash-Lite preview is announced

Best early Prime Day Nintendo Switch deals: My 17 favorite sales live now

How I use VirtualBox to run any OS on my Mac – including Linux

Apple will give you a free pair of AirPods when you buy a MacBook or iPad for school – here’s who’s eligible

How Apple’s biggest potential acquisition ever could perplex AI rivals like Google

Music Streaming Platform using PHP and MySQL

Music Streaming Platform using PHP and MySQL

Solutions That Benefit Everyone – Why Inclusive Design Matters for All

Reducing Barriers Across Industries Through Inclusive Design

Windows 11 Installation Assistant Download: 2025 Guide

Windows 11 Installation Assistant Download: 2025 Guide

Didn’t Receive Gears of War: Reloaded Code? Explainer

Fix Vibrant Visuals Greyed Out in Minecraft Bedrock

CVE-2025-6490 – Nokogiri Heap-Based Buffer Overflow Vulnerability

Typhoon-like gang slinging TLS certificate ‘signed’ by the Los Angeles Police Department

Wedding Invitation Scam: SpyMax RAT Targets Indian WhatsApp Users, Stealing OTPs & Banking Credentials

CVE-2025-37796 – “Linux Kernel WiFi at76c50x Use After Free”

CVE-2025-5750 – WOLFBOX Level 2 EV Charger TuyaSvcDevosActivateResultParse Heap Buffer Overflow Remote Code Execution Vulnerability

CVE-2024-55912 – IBM Concert Software Cryptographic Weakness

FastVLM: Efficient Vision encoding for Vision Language Models

CVE-2025-27956 – WebLaudos Directory Traversal Information Disclosure

Bill Gates to donate ‘99% of his billions’ to fix Elon Musk’s mess: “The picture of the world’s richest man killing the world’s poorest children is not a pretty one”

This rugged Android phone has something I’ve never seen on competing models

The First Look of Android 16, Wear OS Bold New Redesign is OUT Featuring Material 3 Expressive [WATCH]

CVE-2025-6490 – Nokogiri Heap-Based Buffer Overflow Vulnerability

Related Posts