{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-5169", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-05-25T13:14:31.898Z", "datePublished": "2025-05-26T04:31:06.070Z", "dateUpdated": "2025-05-28T17:36:48.390Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-05-26T04:31:06.070Z"}, "title": "Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_3DGS_MDL345 out-of-bounds", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Open Asset Import Library", "product": "Assimp", "versions": [{"version": "5.4.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::InternReadFile_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Open Asset Import Library Assimp 5.4.3 entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion MDLImporter::InternReadFile_3DGS_MDL345 der Datei assimp/code/AssetLib/MDL/MDLLoader.cpp. Mit der Manipulation mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}], "timeline": [{"time": "2025-05-25T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-05-25T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-05-25T15:19:43.000Z", "lang": "en", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.310257", "name": "VDB-310257 | Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_3DGS_MDL345 out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.310257", "name": "VDB-310257 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.578004", "name": "Submit #578004 | Open Asset Import Library Assimp 5.4.3 Heap Out of Bounds Read", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6171", "tags": ["issue-tracking"]}, {"url": "https://github.com/assimp/assimp/issues/6128", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/20208891/reproducer.zip", "tags": ["exploit"]}]}, "adp": [{"references": [{"url": "https://github.com/assimp/assimp/issues/6171", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-05-27T14:19:37.044088Z", "id": "CVE-2025-5169", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-28T17:36:48.390Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5169", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-05-27T14:19:37.044088Z"}}}], "references": [{"url": "https://github.com/assimp/assimp/issues/6171", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-27T14:19:38.845Z"}}], "cna": {"title": "Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_3DGS_MDL345 out-of-bounds", "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}], "affected": [{"vendor": "Open Asset Import Library", "product": "Assimp", "versions": [{"status": "affected", "version": "5.4.3"}]}], "timeline": [{"lang": "en", "time": "2025-05-25T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-05-25T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-05-25T15:19:43.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.310257", "name": "VDB-310257 | Open Asset Import Library Assimp MDLLoader.cpp InternReadFile_3DGS_MDL345 out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.310257", "name": "VDB-310257 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.578004", "name": "Submit #578004 | Open Asset Import Library Assimp 5.4.3 Heap Out of Bounds Read", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6171", "tags": ["issue-tracking"]}, {"url": "https://github.com/assimp/assimp/issues/6128", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/20208891/reproducer.zip", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::InternReadFile_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Open Asset Import Library Assimp 5.4.3 entdeckt. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion MDLImporter::InternReadFile_3DGS_MDL345 der Datei assimp/code/AssetLib/MDL/MDLLoader.cpp. Mit der Manipulation mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Der Angriff muss lokal erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-05-26T04:31:06.070Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5169", "state": "PUBLISHED", "dateUpdated": "2025-05-28T17:36:48.390Z", "dateReserved": "2025-05-25T13:14:31.898Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-05-26T04:31:06.070Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:assimp:assimp:5.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "DD8EC697-A5C6-4066-9E02-9181B33F7428", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::InternReadFile_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad clasificada como problem\u00e1tica en Open Asset Import Library Assimp 5.4.3. Esta afecta a la funci\u00f3n MDLImporter::InternReadFile_3DGS_MDL345 del archivo assimp/code/AssetLib/MDL/MDLLoader.cpp. La manipulaci\u00f3n provoca lecturas fuera de los l\u00edmites. Se requiere acceso local para abordar este ataque. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El proyecto decidi\u00f3 recopilar todos los errores de Fuzzer en una incidencia principal para abordarlos en el futuro."}], "id": "CVE-2025-5169", "lastModified": "2025-06-03T15:41:01.973", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-05-26T05:15:19.387", "references": [{"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/assimp/assimp/issues/6128"}, {"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/assimp/assimp/issues/6171"}, {"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/user-attachments/files/20208891/reproducer.zip"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.310257"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.310257"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.578004"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"], "url": "https://github.com/assimp/assimp/issues/6171"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "assimp: Assimp Out-of-Bounds Read Vulnerability", "id": "2368513", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2368513"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "(CWE-119|CWE-125)", "details": ["A vulnerability classified as problematic has been found in Open Asset Import Library Assimp 5.4.3. This affects the function MDLImporter::InternReadFile_3DGS_MDL345 of the file assimp/code/AssetLib/MDL/MDLLoader.cpp. The manipulation leads to out-of-bounds read. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.", "A flaw was found in the Open Asset Import Library (Assimp). This vulnerability allows an out-of-bounds read via malicious MDL files. Local access is required."], "name": "CVE-2025-5169", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "qt5-qt3d", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-05-26T04:31:06Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-5169\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-5169\nhttps://github.com/assimp/assimp/issues/6128\nhttps://github.com/assimp/assimp/issues/6171\nhttps://github.com/user-attachments/files/20208891/reproducer.zip\nhttps://vuldb.com/?ctiid.310257\nhttps://vuldb.com/?id.310257\nhttps://vuldb.com/?submit.578004"], "threat_severity": "Low"}