{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-3015", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-03-31T05:37:55.204Z", "datePublished": "2025-03-31T20:31:06.477Z", "dateUpdated": "2025-03-31T21:21:09.096Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-31T20:31:06.477Z"}, "title": "Open Asset Import Library Assimp ASE File ASELoader.cpp BuildUniqueRepresentation out-of-bounds", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-125", "lang": "en", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Open Asset Import Library", "product": "Assimp", "versions": [{"version": "5.4.3", "status": "affected"}], "modules": ["ASE File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads to out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0 is able to address this issue. The patch is named 7c705fde418d68cca4e8eff56be01b2617b0d6fe. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Open Asset Import Library Assimp 5.4.3 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion Assimp::ASEImporter::BuildUniqueRepresentation der Datei code/AssetLib/ASE/ASELoader.cpp der Komponente ASE File Handler. Durch das Manipulieren des Arguments mIndices mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 6.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 7c705fde418d68cca4e8eff56be01b2617b0d6fe bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "timeline": [{"time": "2025-03-31T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-03-31T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-03-31T07:43:00.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "d3ng03 (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.302067", "name": "VDB-302067 | Open Asset Import Library Assimp ASE File ASELoader.cpp BuildUniqueRepresentation out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.302067", "name": "VDB-302067 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.524589", "name": "Submit #524589 | Open Asset Import Library Assimp >=5.4.3 Out-of-Bounds Read", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6021", "tags": ["issue-tracking"]}, {"url": "https://github.com/assimp/assimp/pull/6045", "tags": ["issue-tracking"]}, {"url": "https://github.com/assimp/assimp/issues/6021#issue-2877378829", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/assimp/assimp/commit/7c705fde418d68cca4e8eff56be01b2617b0d6fe", "tags": ["patch"]}]}, "adp": [{"references": [{"url": "https://github.com/assimp/assimp/issues/6021", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-31T21:20:52.272522Z", "id": "CVE-2025-3015", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-31T21:21:09.096Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3015", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-31T21:20:52.272522Z"}}}], "references": [{"url": "https://github.com/assimp/assimp/issues/6021", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-31T21:21:02.135Z"}}], "cna": {"title": "Open Asset Import Library Assimp ASE File ASELoader.cpp BuildUniqueRepresentation out-of-bounds", "credits": [{"lang": "en", "type": "reporter", "value": "d3ng03 (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 6.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "affected": [{"vendor": "Open Asset Import Library", "modules": ["ASE File Handler"], "product": "Assimp", "versions": [{"status": "affected", "version": "5.4.3"}]}], "timeline": [{"lang": "en", "time": "2025-03-31T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-03-31T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-03-31T07:43:00.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.302067", "name": "VDB-302067 | Open Asset Import Library Assimp ASE File ASELoader.cpp BuildUniqueRepresentation out-of-bounds", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.302067", "name": "VDB-302067 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.524589", "name": "Submit #524589 | Open Asset Import Library Assimp >=5.4.3 Out-of-Bounds Read", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6021", "tags": ["issue-tracking"]}, {"url": "https://github.com/assimp/assimp/pull/6045", "tags": ["issue-tracking"]}, {"url": "https://github.com/assimp/assimp/issues/6021#issue-2877378829", "tags": ["exploit", "issue-tracking"]}, {"url": "https://github.com/assimp/assimp/commit/7c705fde418d68cca4e8eff56be01b2617b0d6fe", "tags": ["patch"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads to out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0 is able to address this issue. The patch is named 7c705fde418d68cca4e8eff56be01b2617b0d6fe. It is recommended to apply a patch to fix this issue."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in Open Asset Import Library Assimp 5.4.3 entdeckt. Sie wurde als kritisch eingestuft. Es geht dabei um die Funktion Assimp::ASEImporter::BuildUniqueRepresentation der Datei code/AssetLib/ASE/ASELoader.cpp der Komponente ASE File Handler. Durch das Manipulieren des Arguments mIndices mit unbekannten Daten kann eine out-of-bounds read-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung. Ein Aktualisieren auf die Version 6.0 vermag dieses Problem zu l\u00f6sen. Der Patch wird als 7c705fde418d68cca4e8eff56be01b2617b0d6fe bezeichnet. Als bestm\u00f6gliche Massnahme wird Patching empfohlen."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "Out-of-Bounds Read"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-03-31T20:31:06.477Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3015", "state": "PUBLISHED", "dateUpdated": "2025-03-31T21:21:09.096Z", "dateReserved": "2025-03-31T05:37:55.204Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-03-31T20:31:06.477Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:assimp:assimp:5.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "DD8EC697-A5C6-4066-9E02-9181B33F7428", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASEImporter::BuildUniqueRepresentation of the file code/AssetLib/ASE/ASELoader.cpp of the component ASE File Handler. The manipulation of the argument mIndices leads to out-of-bounds read. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 6.0 is able to address this issue. The patch is named 7c705fde418d68cca4e8eff56be01b2617b0d6fe. It is recommended to apply a patch to fix this issue."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad cr\u00edtica en Open Asset Import Library Assimp 5.4.3. Esta afecta a la funci\u00f3n Assimp::ASEImporter::BuildUniqueRepresentation del archivo code/AssetLib/ASE/ASELoader.cpp del componente ASE File Handler. La manipulaci\u00f3n del argumento mIndices provoca una lectura fuera de los l\u00edmites. Es posible iniciar el ataque de forma remota. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. Actualizar a la versi\u00f3n 6.0 puede solucionar este problema. El parche se llama 7c705fde418d68cca4e8eff56be01b2617b0d6fe. Se recomienda aplicar un parche para solucionar este problema."}], "id": "CVE-2025-3015", "lastModified": "2025-04-17T12:51:20.710", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "PASSIVE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-03-31T21:15:53.757", "references": [{"source": "cna@vuldb.com", "tags": ["Patch"], "url": "https://github.com/assimp/assimp/commit/7c705fde418d68cca4e8eff56be01b2617b0d6fe"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/assimp/assimp/issues/6021"}, {"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/assimp/assimp/issues/6021#issue-2877378829"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/assimp/assimp/pull/6045"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required", "VDB Entry"], "url": "https://vuldb.com/?ctiid.302067"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.302067"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.524589"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Issue Tracking"], "url": "https://github.com/assimp/assimp/issues/6021"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-125"}], "source": "cna@vuldb.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-125"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}