CVE-2025-11274 — LOW (3.3) — White Hats Nepal

Vulnerability Description

A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. This manipulation causes allocation of resources. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized.

CVSS Score

3.3

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Assimp	Assimp	6.0.2

Related Weaknesses (CWE)

CWE-770 CWE-400

References

https://github.com/assimp/assimp/issues/6356ExploitIssue Tracking
https://github.com/user-attachments/files/22407575/poc.zipExploit
https://vuldb.com/?ctiid.327008Permissions RequiredVDB Entry
https://vuldb.com/?id.327008Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.658075Third Party AdvisoryVDB Entry

FAQ

What is CVE-2025-11274?

CVE-2025-11274 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. This manipulation cau...

How severe is CVE-2025-11274?

CVE-2025-11274 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-11274?

Check the references section above for vendor advisories and patch information. Affected products include: Assimp Assimp.