Vulnerability Description
A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Assimp | Assimp | <= 6.0.2 |
Related Weaknesses (CWE)
References
- https://github.com/assimp/assimp/issues/6258ExploitIssue Tracking
- https://github.com/assimp/assimp/issues/6258#issuecomment-3070999530ExploitIssue Tracking
- https://github.com/user-attachments/files/21216542/assimp_poc10.zipExploit
- https://vuldb.com/?ctiid.341727Permissions RequiredVDB Entry
- https://vuldb.com/?id.341727Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.735232Third Party AdvisoryVDB Entry
FAQ
What is CVE-2025-15538?
CVE-2025-15538 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/c...
How severe is CVE-2025-15538?
CVE-2025-15538 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-15538?
Check the references section above for vendor advisories and patch information. Affected products include: Assimp Assimp.