Vulnerability Description
A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impacted element is the function Ogre::LogManager::stream of the file /ogre/OgreMain/src/OgreLogManager.cpp. Performing manipulation of the argument mDefaultLog results in null pointer dereference. The attack must be initiated from a local position. The exploit is now public and may be used.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ogre3D | Ogre | <= 14.4.1 |
Related Weaknesses (CWE)
References
- https://github.com/OGRECave/ogre/issues/3447ExploitIssue Tracking
- https://github.com/user-attachments/files/22335685/poc.zipExploit
- https://vuldb.com/?ctiid.325960Permissions RequiredVDB Entry
- https://vuldb.com/?id.325960Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.654456Third Party AdvisoryVDB Entry
- https://github.com/OGRECave/ogre/issues/3447ExploitIssue Tracking
FAQ
What is CVE-2025-11017?
CVE-2025-11017 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impacted element is the function Ogre::LogManager::stream of the file /ogre/OgreMain/src/OgreLogManager.cpp. Performing manipulation of ...
How severe is CVE-2025-11017?
CVE-2025-11017 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-11017?
Check the references section above for vendor advisories and patch information. Affected products include: Ogre3D Ogre.