Download of Code Without Integrity Check (CWE-494)
2025-06-23
cve_disclosure@tech.gov.sg
2.0
CVSS 4.0 · NVD
Severity by source
NVD
PRIMARY
2.0
LOW
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:N/R:A/V:D/RE:M/U:Green
Ubuntu
MEDIUM
qualitative
Primary rating from NVD.
CVSS VectorNVD
CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:N/R:A/V:D/RE:M/U:Green
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
N
Lifecycle Timeline
4
Patch released
Mar 31, 2026 - 21:13 nvd
Patch available
EUVD ID Assigned
Mar 15, 2026 - 22:10 euvd
EUVD-2025-28480
Analysis Generated
Mar 15, 2026 - 22:10 vuln.today
CVE Published
Jun 23, 2025 - 10:15 nvd
LOW 2.0
DescriptionCVE.org
Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C.
This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE).
AnalysisAI
CVE-2025-52937 is a security vulnerability (CVSS 2.0). Remediation should follow standard vulnerability management procedures.
Technical ContextAI
Vulnerability type not specified by vendor.
RemediationAI
Monitor vendor channels for patch availability.
Same weakness CWE-494 – Download of Code Without Integrity Check
View allSame technique Information Disclosure
View allVendor StatusVendor
Ubuntu
Priority: Mediumpcl
| Release | Status | Version |
|---|---|---|
| xenial | needs-triage | - |
| bionic | needs-triage | - |
| focal | needs-triage | - |
| jammy | needs-triage | - |
| noble | needs-triage | - |
| upstream | needs-triage | - |
| plucky | ignored | end of life, was needs-triage |
| oracular | ignored | end of life, was needs-triage |
| questing | needs-triage | - |
Debian
pcl
| Release | Status | Fixed Version | Urgency |
|---|---|---|---|
| bullseye | fixed | 1.11.1+dfsg-1 | - |
| bookworm | fixed | 1.13.0+dfsg-3 | - |
| trixie | fixed | 1.15.0+dfsg-2 | - |
| forky | fixed | 1.15.0+dfsg-3 | - |
| sid | fixed | 1.15.1+dfsg-1 | - |
| (unstable) | not-affected | - | - |
Share
External POC / Exploit Code
Leaving vuln.today
Destination URL
POC code from unknown sources may be malicious, contain backdoors, or be fake.
Always review and test exploit code in a safe, isolated environment (VM/sandbox).
Verify the source reputation and cross-reference with known databases (Exploit-DB, GitHub Security).
EUVD-2025-28480