{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6119", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-15T10:18:07.594Z", "datePublished": "2025-06-16T11:00:09.282Z", "dateUpdated": "2025-06-16T15:35:22.956Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-16T11:00:09.282Z"}, "title": "Open Asset Import Library Assimp BVHLoader.cpp ReadNodeChannels use after free", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "Use After Free"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Open Asset Import Library", "product": "Assimp", "versions": [{"version": "5.4.0", "status": "affected"}, {"version": "5.4.1", "status": "affected"}, {"version": "5.4.2", "status": "affected"}, {"version": "5.4.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future."}, {"lang": "de", "value": "Es wurde eine kritische Schwachstelle in Open Asset Import Library Assimp bis 5.4.3 entdeckt. Dabei betrifft es die Funktion Assimp::BVHLoader::ReadNodeChannels in der Bibliothek assimp/code/AssetLib/BVH/BVHLoader.cpp. Dank Manipulation des Arguments pNode mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-06-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-15T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-15T12:23:16.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Rulkallos (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.312588", "name": "VDB-312588 | Open Asset Import Library Assimp BVHLoader.cpp ReadNodeChannels use after free", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.312588", "name": "VDB-312588 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.591233", "name": "Submit #591233 | Open Asset Import Library Assimp 5.4.3 Use After Free", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6219", "tags": ["issue-tracking"]}, {"url": "https://github.com/assimp/assimp/issues/6219#issuecomment-2945016005", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/20604791/reproduce_2.tar.gz", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-16T15:34:52.987047Z", "id": "CVE-2025-6119", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T15:35:22.956Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6119", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-16T15:34:52.987047Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T15:35:17.211Z"}}], "cna": {"title": "Open Asset Import Library Assimp BVHLoader.cpp ReadNodeChannels use after free", "credits": [{"lang": "en", "type": "reporter", "value": "Rulkallos (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Open Asset Import Library", "product": "Assimp", "versions": [{"status": "affected", "version": "5.4.0"}, {"status": "affected", "version": "5.4.1"}, {"status": "affected", "version": "5.4.2"}, {"status": "affected", "version": "5.4.3"}]}], "timeline": [{"lang": "en", "time": "2025-06-15T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-15T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-15T12:23:16.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.312588", "name": "VDB-312588 | Open Asset Import Library Assimp BVHLoader.cpp ReadNodeChannels use after free", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.312588", "name": "VDB-312588 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.591233", "name": "Submit #591233 | Open Asset Import Library Assimp 5.4.3 Use After Free", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6219", "tags": ["issue-tracking"]}, {"url": "https://github.com/assimp/assimp/issues/6219#issuecomment-2945016005", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/20604791/reproduce_2.tar.gz", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future."}, {"lang": "de", "value": "Es wurde eine kritische Schwachstelle in Open Asset Import Library Assimp bis 5.4.3 entdeckt. Dabei betrifft es die Funktion Assimp::BVHLoader::ReadNodeChannels in der Bibliothek assimp/code/AssetLib/BVH/BVHLoader.cpp. Dank Manipulation des Arguments pNode mit unbekannten Daten kann eine use after free-Schwachstelle ausgenutzt werden. Der Angriff hat dabei lokal zu erfolgen. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "Use After Free"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-16T11:00:09.282Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6119", "state": "PUBLISHED", "dateUpdated": "2025-06-16T15:35:22.956Z", "dateReserved": "2025-06-15T10:18:07.594Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-16T11:00:09.282Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*", "matchCriteriaId": "98B01F65-8DE4-4196-9BC8-677D3C31D07C", "versionEndIncluding": "5.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad cr\u00edtica en Open Asset Import Library Assimp hasta la versi\u00f3n 5.4.3. La funci\u00f3n Assimp::BVHLoader::ReadNodeChannels de la librer\u00eda assimp/code/AssetLib/BVH/BVHLoader.cpp se ve afectada. La manipulaci\u00f3n del argumento pNode provoca use after free. Es obligatorio realizar ataques locales. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El proyecto decidi\u00f3 recopilar todos los errores de Fuzzer en una publicaci\u00f3n principal para abordarlos en el futuro."}], "id": "CVE-2025-6119", "lastModified": "2025-06-17T19:38:01.073", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-06-16T11:15:19.210", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/assimp/assimp/issues/6219"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/assimp/assimp/issues/6219#issuecomment-2945016005"}, {"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/user-attachments/files/20604791/reproduce_2.tar.gz"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.312588"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.312588"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.591233"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-416"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "assimp: Open Asset Import Library use after free", "id": "2372999", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372999"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "(CWE-119|CWE-416)", "details": ["A vulnerability classified as critical has been found in Open Asset Import Library Assimp up to 5.4.3. Affected is the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.", "A vulnerability has been identified in the Open Asset Import Library (Assimp), specifically within the Assimp::BVHLoader::ReadNodeChannels functionality in the assimp/code/AssetLib/BVH/BVHLoader.cpp file. This flaw can lead to a use-after-free condition. Under certain specific conditions, exploitation of this use-after-free could result in unpredictable program behavior or system instability."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-6119", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "qt6-qtquick3d", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "qt5-qt3d", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-16T11:00:09Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-6119\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6119\nhttps://github.com/assimp/assimp/issues/6219\nhttps://github.com/assimp/assimp/issues/6219#issuecomment-2945016005\nhttps://github.com/user-attachments/files/20604791/reproduce_2.tar.gz\nhttps://vuldb.com/?ctiid.312588\nhttps://vuldb.com/?id.312588\nhttps://vuldb.com/?submit.591233"], "threat_severity": "Moderate"}