CVE-2025-6141

LOW 3.3

GNU ncurses parse_entry.c postprocess_termcap stack-based overflow

CVSS Score

3.3

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability has been found in GNU ncurses up to 6.5-20250322 and classified as problematic. This vulnerability affects the function postprocess_termcap of the file tinfo/parse_entry.c. The manipulation leads to stack-based buffer overflow. The attack needs to be approached locally. Upgrading to version 6.5-20250329 is able to address this issue. It is recommended to upgrade the affected component.

CWE	CWE-121 CWE-119
Vendor	gnu
Product	ncurses
Published	Jun 16, 2025
Last Updated	Jun 2, 2026

Stay Ahead of the Next One

Get instant alerts for gnu ncurses

Be the first to know when new low vulnerabilities affecting gnu ncurses are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:X/RL:O/RC:C

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

GNU / ncurses

6.5-20250322

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/?id.312610 vuldb.com: https://vuldb.com/?ctiid.312610 vuldb.com: https://vuldb.com/?submit.593000 lists.gnu.org: https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00107.html lists.gnu.org: https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00109.html lists.gnu.org: https://lists.gnu.org/archive/html/bug-ncurses/2025-03/msg00114.html invisible-island.net: https://invisible-island.net/ncurses/NEWS.html#index-t20250329 gnu.org: https://www.gnu.org/ cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-089022.html cert-portal.siemens.com: https://cert-portal.siemens.com/productcert/html/ssa-253495.html

Credits

🔍 JJLeo (VulDB User)