CVE-2025-2752 - Vulnerability Details

A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function fast_atoreal_move in the library include/assimp/fast_atof.h of the component CSM File Handler. The manipulation leads to out-of-bounds read. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact partial

Vendors	Products
Assimp	Assimp

Configuration 1 [-]

cpe:2.3:a:assimp:assimp:5.4.3:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/assimp/assimp/issues/6013
https://github.com/assimp/assimp/issues/6013#issue-2877371176
https://vuldb.com/?ctiid.300857
https://vuldb.com/?id.300857
https://vuldb.com/?submit.517786

History

Thu, 17 Jul 2025 22:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Assimp Assimp assimp
CPEs		cpe:2.3:a:assimp:assimp:5.4.3:::::::*
Vendors & Products		Assimp Assimp assimp

Mon, 31 Mar 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 25 Mar 2025 08:15:00 +0000

Type	Values Removed	Values Added
Description		A vulnerability was found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This issue affects the function fast_atoreal_move in the library include/assimp/fast_atof.h of the component CSM File Handler. The manipulation leads to out-of-bounds read. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Title		Open Asset Import Library Assimp CSM File fast_atof.h fast_atoreal_move out-of-bounds
Weaknesses		CWE-119 CWE-125
References		https://github.com/assimp/assimp/issues/6013 https://github.com/assimp/assimp/issues/6013#issue-2877371176 https://vuldb.com/?ctiid.300857 https://vuldb.com/?id.300857 https://vuldb.com/?submit.517786
Metrics		cvssV2_0 `{'score': 5, 'vector': 'AV:N/AC:L/Au:N/C:N/I:N/A:P'}` cvssV3_0 `{'score': 4.3, 'vector': 'CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}` cvssV3_1 `{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L'}` cvssV4_0 `{'score': 5.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N'}`

MITRE

Status: PUBLISHED

Assigner: VulDB

Published: 2025-03-25T08:00:11.272Z

Updated: 2025-03-31T17:27:11.090Z

Reserved: 2025-03-24T16:47:23.145Z

Link: CVE-2025-2752

Vulnrichment

Updated: 2025-03-31T17:27:01.175Z

NVD

Status : Analyzed

Published: 2025-03-25T08:15:20.193

Modified: 2025-07-17T21:50:43.057

Link: CVE-2025-2752

Redhat

No data.

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Attack Requirements None

User Interaction Passive

Vulnerable System Confidentiality Impact None

Vulnerable System Integrity Impact None

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact None

Subsequent System Integrity Impact None

Subsequent System Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction Required

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

Exploitation poc

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object