CVE-2025-52937 - Vulnerability Details - OpenCVE

Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE).

Attack Vector Local

Attack Complexity High

Privileges Required Low

Attack Requirements Present

User Interaction None

Vulnerable System Confidentiality Impact Low

Vulnerable System Integrity Impact Low

Vulnerable System Availability Impact Low

Subsequent System Confidentiality Impact Low

Subsequent System Integrity Impact Low

Subsequent System Availability Impact Low

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

No data.

No data.

No data.

References

Link	Providers
https://github.com/PointCloudLibrary/pcl/commit/2f9dc390c6769fbd821fafa0e16f4707ed7c5d79
https://github.com/PointCloudLibrary/pcl/pull/6275

History

Mon, 23 Jun 2025 14:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-494
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Mon, 23 Jun 2025 09:45:00 +0000

Type	Values Removed	Values Added
Description		Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE).
Title		Vulnerability in PointCloudLibrary PCL
References		https://github.com/PointCloudLibrary/pcl/commit/2f9dc390c6769fbd821fafa0e16f4707ed7c5d79 https://github.com/PointCloudLibrary/pcl/pull/6275
Metrics		cvssV4_0 `{'score': 2, 'vector': 'CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:N/R:A/V:D/RE:M/U:Green'}`

MITRE

Status: PUBLISHED

Assigner: GovTech CSG

Published: 2025-06-23T09:26:12.727Z

Updated: 2025-06-23T13:26:46.248Z

Reserved: 2025-06-23T09:24:36.336Z

Link: CVE-2025-52937

Vulnrichment

Updated: 2025-06-23T13:26:39.343Z

NVD

Status : Awaiting Analysis

Published: 2025-06-23T10:15:27.717

Modified: 2025-06-23T20:16:21.633

Link: CVE-2025-52937

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52937", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2025-06-23T09:24:36.336Z", "datePublished": "2025-06-23T09:26:12.727Z", "dateUpdated": "2025-06-23T13:26:46.248Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["surface/src/3rdparty/opennurbs"], "product": "pcl", "programFiles": ["crc32.c"], "repo": "https://github.com/PointCloudLibrary/pcl", "vendor": "PointCloudLibrary", "versions": [{"lessThan": "1.14.0", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules).<p> This vulnerability is associated with program files <tt>crc32.C</tt>.</p>This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE)."}], "value": "Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C.\n\nThis vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE)."}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NEGLIGIBLE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 2, "baseSeverity": "LOW", "privilegesRequired": "LOW", "providerUrgency": "GREEN", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:N/R:A/V:D/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2025-06-23T09:26:12.727Z"}, "references": [{"tags": ["patch", "third-party-advisory"], "url": "https://github.com/PointCloudLibrary/pcl/pull/6275"}, {"tags": ["patch"], "url": "https://github.com/PointCloudLibrary/pcl/commit/2f9dc390c6769fbd821fafa0e16f4707ed7c5d79"}], "source": {"discovery": "UNKNOWN"}, "title": "Vulnerability in PointCloudLibrary PCL", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-494", "lang": "en", "description": "CWE-494 Download of Code Without Integrity Check"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-23T13:26:43.507468Z", "id": "CVE-2025-52937", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T13:26:46.248Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52937", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-23T13:26:43.507468Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-494", "description": "CWE-494 Download of Code Without Integrity Check"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T13:26:39.343Z"}}], "cna": {"title": "Vulnerability in PointCloudLibrary PCL", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 2, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:N/R:A/V:D/RE:M/U:Green", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/PointCloudLibrary/pcl", "vendor": "PointCloudLibrary", "modules": ["surface/src/3rdparty/opennurbs"], "product": "pcl", "versions": [{"status": "affected", "version": "0", "lessThan": "1.14.0", "versionType": "git"}], "programFiles": ["crc32.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/PointCloudLibrary/pcl/pull/6275", "tags": ["patch", "third-party-advisory"]}, {"url": "https://github.com/PointCloudLibrary/pcl/commit/2f9dc390c6769fbd821fafa0e16f4707ed7c5d79", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C.\n\nThis vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE).", "supportingMedia": [{"type": "text/html", "value": "Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules).<p> This vulnerability is associated with program files <tt>crc32.C</tt>.</p>This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE).", "base64": false}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2025-06-23T09:26:12.727Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52937", "state": "PUBLISHED", "dateUpdated": "2025-06-23T13:26:46.248Z", "dateReserved": "2025-06-23T09:24:36.336Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2025-06-23T09:26:12.727Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C.\n\nThis vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE)."}], "id": "CVE-2025-52937", "lastModified": "2025-06-23T20:16:21.633", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NEGLIGIBLE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "GREEN", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2025-06-23T10:15:27.717", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/PointCloudLibrary/pcl/commit/2f9dc390c6769fbd821fafa0e16f4707ed7c5d79"}, {"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/PointCloudLibrary/pcl/pull/6275"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-494"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}