{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-6120", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-06-15T10:18:10.430Z", "datePublished": "2025-06-16T11:31:06.030Z", "dateUpdated": "2025-06-16T14:47:28.362Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-16T11:31:06.030Z"}, "title": "Open Asset Import Library Assimp HL1MDLLoader.cpp read_meshes heap-based overflow", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-122", "lang": "en", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-119", "lang": "en", "description": "Memory Corruption"}]}], "affected": [{"vendor": "Open Asset Import Library", "product": "Assimp", "versions": [{"version": "5.4.0", "status": "affected"}, {"version": "5.4.1", "status": "affected"}, {"version": "5.4.2", "status": "affected"}, {"version": "5.4.3", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future."}, {"lang": "de", "value": "In Open Asset Import Library Assimp bis 5.4.3 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion read_meshes in der Bibliothek assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. Mit der Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R", "baseSeverity": "MEDIUM"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-06-15T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-06-15T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-06-15T12:23:17.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "Rulkallos (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.312589", "name": "VDB-312589 | Open Asset Import Library Assimp HL1MDLLoader.cpp read_meshes heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.312589", "name": "VDB-312589 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.591235", "name": "Submit #591235 | Open Asset Import Library Assimp 5.4.3 Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6220", "tags": ["issue-tracking"]}, {"url": "https://github.com/assimp/assimp/issues/6220#issuecomment-2945018579", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/20605340/read_meshes_reproduce.tar.gz", "tags": ["exploit"]}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-16T14:41:43.487968Z", "id": "CVE-2025-6120", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T14:47:28.362Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6120", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-16T14:41:43.487968Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-16T14:41:59.970Z"}}], "cna": {"title": "Open Asset Import Library Assimp HL1MDLLoader.cpp read_meshes heap-based overflow", "credits": [{"lang": "en", "type": "reporter", "value": "Rulkallos (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 4.3, "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "Open Asset Import Library", "product": "Assimp", "versions": [{"status": "affected", "version": "5.4.0"}, {"status": "affected", "version": "5.4.1"}, {"status": "affected", "version": "5.4.2"}, {"status": "affected", "version": "5.4.3"}]}], "timeline": [{"lang": "en", "time": "2025-06-15T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-06-15T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-06-15T12:23:17.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.312589", "name": "VDB-312589 | Open Asset Import Library Assimp HL1MDLLoader.cpp read_meshes heap-based overflow", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.312589", "name": "VDB-312589 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.591235", "name": "Submit #591235 | Open Asset Import Library Assimp 5.4.3 Heap-based Buffer Overflow", "tags": ["third-party-advisory"]}, {"url": "https://github.com/assimp/assimp/issues/6220", "tags": ["issue-tracking"]}, {"url": "https://github.com/assimp/assimp/issues/6220#issuecomment-2945018579", "tags": ["issue-tracking"]}, {"url": "https://github.com/user-attachments/files/20605340/read_meshes_reproduce.tar.gz", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future."}, {"lang": "de", "value": "In Open Asset Import Library Assimp bis 5.4.3 wurde eine kritische Schwachstelle entdeckt. Hierbei betrifft es die Funktion read_meshes in der Bibliothek assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. Mit der Manipulation mit unbekannten Daten kann eine heap-based buffer overflow-Schwachstelle ausgenutzt werden. Der Angriff muss lokal angegangen werden. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "Heap-based Buffer Overflow"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-119", "description": "Memory Corruption"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-06-16T11:31:06.030Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6120", "state": "PUBLISHED", "dateUpdated": "2025-06-16T14:47:28.362Z", "dateReserved": "2025-06-15T10:18:10.430Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-06-16T11:31:06.030Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:*", "matchCriteriaId": "98B01F65-8DE4-4196-9BC8-677D3C31D07C", "versionEndIncluding": "5.4.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future."}, {"lang": "es", "value": "Se detect\u00f3 una vulnerabilidad cr\u00edtica en Open Asset Import Library Assimp hasta la versi\u00f3n 5.4.3. Esta vulnerabilidad afecta a la funci\u00f3n read_meshes de la librer\u00eda assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. La manipulaci\u00f3n provoca un desbordamiento del b\u00fafer en el mont\u00f3n. Es posible lanzar el ataque contra el host local. Se ha hecho p\u00fablico el exploit y puede que sea utilizado. El proyecto decidi\u00f3 recopilar todos los errores de Fuzzer en una publicaci\u00f3n principal para abordarlos en el futuro."}], "id": "CVE-2025-6120", "lastModified": "2025-06-17T19:37:41.883", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.4, "source": "cna@vuldb.com", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-06-16T12:15:19.750", "references": [{"source": "cna@vuldb.com", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "https://github.com/assimp/assimp/issues/6220"}, {"source": "cna@vuldb.com", "tags": ["Issue Tracking"], "url": "https://github.com/assimp/assimp/issues/6220#issuecomment-2945018579"}, {"source": "cna@vuldb.com", "tags": ["Exploit"], "url": "https://github.com/user-attachments/files/20605340/read_meshes_reproduce.tar.gz"}, {"source": "cna@vuldb.com", "tags": ["Permissions Required"], "url": "https://vuldb.com/?ctiid.312589"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?id.312589"}, {"source": "cna@vuldb.com", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://vuldb.com/?submit.591235"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}, {"lang": "en", "value": "CWE-122"}], "source": "cna@vuldb.com", "type": "Primary"}]}

{"bugzilla": {"description": "assimp: Open Asset Import Library heap-based overflow", "id": "2372998", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2372998"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "status": "draft"}, "cwe": "(CWE-119|CWE-122)", "details": ["A vulnerability classified as critical was found in Open Asset Import Library Assimp up to 5.4.3. Affected by this vulnerability is the function read_meshes in the library assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The project decided to collect all Fuzzer bugs in a main-issue to address them in the future.", "A vulnerability has been discovered in the Open Asset Import Library (Assimp), specifically within the read_meshes functionality of the assimp/code/AssetLib/MDL/HalfLife/HL1MDLLoader.cpp file (related to Half-Life 1 MDL file loading). This flaw can lead to a heap-based buffer overflow. Under specific conditions, exploitation of this buffer overflow could result in unpredictable program behavior, memory corruption, or arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2025-6120", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "qt6-qtquick3d", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "qt5-qt3d", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2025-06-16T11:31:06Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-6120\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-6120\nhttps://github.com/assimp/assimp/issues/6220\nhttps://github.com/assimp/assimp/issues/6220#issuecomment-2945018579\nhttps://github.com/user-attachments/files/20605340/read_meshes_reproduce.tar.gz\nhttps://vuldb.com/?ctiid.312589\nhttps://vuldb.com/?id.312589\nhttps://vuldb.com/?submit.591235"], "threat_severity": "Moderate"}