Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-2591

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue.

Published

2025-03-21T14:15:16.853

Last Modified

2025-07-17T21:53:55.683

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Secondary
CWE-369
CWE-404

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	assimp	assimp	5.4.3	Yes

References

https://github.com/assimp/assimp/issues/6009 Exploit, Issue Tracking ([email protected])
https://github.com/assimp/assimp/issues/6009#issue-2877367021 Exploit, Issue Tracking ([email protected])
https://github.com/assimp/assimp/pull/6047 Patch ([email protected])
https://github.com/assimp/assimp/pull/6047/commits/ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd Patch ([email protected])
https://vuldb.com/?ctiid.300574 Permissions Required, VDB Entry ([email protected])
https://vuldb.com/?id.300574 Third Party Advisory, VDB Entry ([email protected])
https://vuldb.com/?submit.517781 Third Party Advisory, VDB Entry ([email protected])