CVE-2025-2750 - Vulnerability Details

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Assimp	Assimp

Configuration 1 [-]

cpe:2.3:a:assimp:assimp:5.4.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/assimp/assimp/issues/6011
https://github.com/assimp/assimp/issues/6011#issue-2877369004
https://vuldb.com/?ctiid.300855
https://vuldb.com/?id.300855
https://vuldb.com/?submit.517783

History

Thu, 17 Jul 2025 22:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Assimp Assimp assimp
CPEs		cpe:2.3:a:assimp:assimp:5.4.3:::::::*
Vendors & Products		Assimp Assimp assimp

Mon, 31 Mar 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 25 Mar 2025 07:45:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation leads to out-of-bounds write. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Title		Open Asset Import Library Assimp CSM File CSMLoader.cpp InternReadFile out-of-bounds write
Weaknesses		CWE-119 CWE-787
References		https://github.com/assimp/assimp/issues/6011 https://github.com/assimp/assimp/issues/6011#issue-2877369004 https://vuldb.com/?ctiid.300855 https://vuldb.com/?id.300855 https://vuldb.com/?submit.517783
Metrics		cvssV2_0 `{'score': 7.5, 'vector': 'AV:N/AC:L/Au:N/C:P/I:P/A:P'}` cvssV3_0 `{'score': 6.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}` cvssV3_1 `{'score': 6.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2025-03-25T07:31:03.681Z

Updated: 2025-03-31T17:38:57.671Z

Reserved: 2025-03-24T16:47:17.254Z

Link: CVE-2025-2750

Vulnrichment

Updated: 2025-03-31T17:38:50.697Z

NVD

Status : Analyzed

Published: 2025-03-25T08:15:19.203

Modified: 2025-07-17T21:51:55.853

Link: CVE-2025-2750

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object