Skip to main content

Assimp CVE-2025-70067

| EUVDEUVD-2025-209616 CRITICAL
Heap-based Buffer Overflow (CWE-122)
2026-05-04 mitre
Critical
Disputed · 9.8 Vendor: mitre
Share

Severity by source

Sources disagree (Medium–Critical)
Vendor (mitre) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SUSE
CRITICAL
qualitative
Red Hat
5.6 MEDIUM
qualitative

vuln.today treats the vendor’s rating as authoritative. A higher third-party CVSS (e.g. CISA-ADP) is shown for transparency but does not drive the headline severity.

CVSS VectorVendor: mitre

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Analysis Generated
May 05, 2026 - 16:22 vuln.today
CVSS changed
May 05, 2026 - 16:22 NVD
9.8 (CRITICAL)
EUVD ID Assigned
May 04, 2026 - 14:15 euvd
EUVD-2025-209616
CVE Published
May 04, 2026 - 00:00 nvd
N/A

DescriptionCVE.org

Buffer Overflow vulnerability exists in Assimp versions up to 6.0.2 in the FBX Importer. The vulnerability occurs in aiMaterial::AddBinaryProperty, where a property key string from a crafted FBX file is copied into a fixed-size heap buffer using strcpy() without runtime length validation

AnalysisAI

Heap buffer overflow in Assimp's FBX importer allows remote code execution when processing malicious FBX files. The vulnerability affects Assimp versions up to 6.0.2 through unsafe strcpy() operations in aiMaterial::AddBinaryProperty, enabling attackers to achieve arbitrary code execution with high CVSS severity (9.8). A proof-of-concept exploit is publicly available via GitHub Gist, though EPSS indicates only 0.02% exploitation probability and no CISA KEV listing exists, suggesting limited active exploitation despite the theoretical severity.

Technical ContextAI

Assimp (Open Asset Import Library) is a widely-used C++ library for importing various 3D model formats including FBX (Filmbox). The vulnerability stems from CWE-122 (heap-based buffer overflow) in the FBX import pipeline, specifically within aiMaterial::AddBinaryProperty function. When parsing FBX files, property key strings are copied into fixed-size heap buffers using strcpy() - a classic unsafe C string function that performs no bounds checking. An attacker-crafted FBX file with oversized property key strings triggers the overflow, allowing heap memory corruption. This represents a fundamental memory safety issue common in legacy C/C++ codebases handling untrusted file formats, where parser code predates modern memory-safe practices.

RemediationAI

Upgrade to Assimp version 6.0.3 or later once available, monitoring the official GitHub repository at github.com/assimp/assimp for patched releases addressing this buffer overflow. As of analysis time, no officially tagged fix version is confirmed in available data sources. Until patches are deployed, implement defense-in-depth controls: disable FBX import functionality if not business-critical (Assimp supports 40+ formats, consider restricting to safer alternatives like glTF); validate and sanitize FBX files before processing using file format validators; process untrusted FBX files in sandboxed environments with limited privileges (containers, VMs, capability-restricted processes); implement file size limits and timeout controls on import operations to constrain exploitation window; enable memory protection mechanisms like ASLR, DEP, and heap integrity checks in the runtime environment. Note that disabling FBX support may break workflows dependent on Autodesk ecosystem file exchange. For server-side implementations, consider moving FBX processing to isolated worker services with no network access to limit post-exploitation lateral movement. Monitor vendor advisory channels and apply patches immediately upon release given public POC availability.

More in N A

View all
CVE-2026-31072 CRITICAL POC
9.8 May 19

Remote code execution in APScheduler (all versions through 3.10.x and 4.0.0a5) is achievable when applications deseriali

CVE-2026-36356 CRITICAL POC
9.1 May 05

Unauthenticated remote OS command injection in MeiG Smart FORGE_SLT711 cellular gateway firmware MDM9607.LE.1.0-00110-ST

CVE-2026-31071 CRITICAL POC
9.1 May 19

Unauthenticated API access in LalanaChami Pharmacy Management System (commit 5c3d028) allows remote attackers to dump al

CVE-2025-66391 HIGH POC
8.8 Jun 17

In Citrix Cloud through 2025-11-10, an account with read-only access can trigger the beginning of a workflow for write o

CVE-2026-26740 HIGH POC
8.2 Mar 18

Giflib 5.2.2 contains a buffer overflow in the EGifGCBToExtension function that fails to validate allocated memory when

CVE-2025-60464 HIGH POC
7.8 Jun 25

Denial of service in GPAC's MP4Box multimedia tool (versions before 26.02.0) arises from a use-after-free in the gf_sei_

CVE-2026-36355 HIGH POC
7.7 May 05

Arbitrary kernel memory read/write in Realtek rtl819x Jungle SDK Wi-Fi driver allows local unprivileged attackers to acc

CVE-2025-60474 HIGH POC
7.5 Jun 24

Denial of service in GPAC's MP4Box/libgpac media importer (versions before 26.02.0) lets an attacker crash the tool by s

CVE-2026-38639 HIGH POC
7.5 Jun 26

An issue in the parse_month function (/time/strptime.rs) of relibc commit ab6a2e allows attackers to cause a Denial of S

CVE-2026-38641 HIGH POC
7.5 Jun 26

Denial of service in relibc (the Redox OS C standard library) at commit 61f42d allows attackers to crash a process by ge

CVE-2026-38637 HIGH POC
7.5 Jun 25

An issue in the pthread_rwlockattr_setpshared() function of relibc commit 61f42d allows attackers to cause a Denial of S

CVE-2026-38640 HIGH POC
7.5 Jun 25

Denial of service in relibc (the Redox OS C standard library implementation, commit 61f42d) lets attackers crash a proce

Vendor StatusVendor

SUSE

Severity: Critical
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2025-70067 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy