CVE-2025-2750 | THREATINT

Description

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Es wurde eine kritische Schwachstelle in Open Asset Import Library Assimp 5.4.3 gefunden. Es betrifft die Funktion Assimp::CSMImporter::InternReadFile der Datei code/AssetLib/CSM/CSMLoader.cpp der Komponente CSM File Handler. Mittels dem Manipulieren mit unbekannten Daten kann eine out-of-bounds write-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk erfolgen. Der Exploit steht zur öffentlichen Verfügung.

Reserved 2025-03-24 | Published 2025-03-25 | Updated 2025-03-31 | Assigner VulDB

MEDIUM: 5.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

MEDIUM: 6.3CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

MEDIUM: 6.3CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

7.5AV:N/AC:L/Au:N/C:P/I:P/A:P

Problem types

Out-of-bounds Write

Memory Corruption

Product status

5.4.3

affected

Timeline

2025-03-24:	Advisory disclosed
2025-03-24:	VulDB entry created
2025-03-24:	VulDB entry last update

Credits

d3ng03 (VulDB User) reporter

References

vuldb.com/?id.300855 (VDB-300855 | Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile out-of-bounds write) vdb-entry technical-description

vuldb.com/?ctiid.300855 (VDB-300855 | CTI Indicators (IOB, IOC, IOA)) signature permissions-required

vuldb.com/?submit.517783 (Submit #517783 | Open Asset Import Library Assimp >=5.4.3 Out-of-bounds Write) third-party-advisory

github.com/assimp/assimp/issues/6011 issue-tracking

github.com/assimp/assimp/issues/6011 exploit issue-tracking

cve.org (CVE-2025-2750)

nvd.nist.gov (CVE-2025-2750)

Download JSON