CVE-2025-2591 — MEDIUM (4.3)

Vulnerability Description

A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the argument skinwidth/skinheight leads to divide by zero. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The patch is identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. It is recommended to apply a patch to fix this issue.

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Assimp	Assimp	5.4.3

Related Weaknesses (CWE)

CWE-404 CWE-369

References

https://github.com/assimp/assimp/issues/6009ExploitIssue Tracking
https://github.com/assimp/assimp/issues/6009#issue-2877367021ExploitIssue Tracking
https://github.com/assimp/assimp/pull/6047Patch
https://github.com/assimp/assimp/pull/6047/commits/ab66a1674fcfac87aaba4c8b900b3Patch
https://vuldb.com/?ctiid.300574Permissions RequiredVDB Entry
https://vuldb.com/?id.300574Third Party AdvisoryVDB Entry
https://vuldb.com/?submit.517781Third Party AdvisoryVDB Entry

FAQ

What is CVE-2025-2591?

CVE-2025-2591 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability classified as problematic was found in Open Asset Import Library Assimp 5.4.3. This vulnerability affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/...

How severe is CVE-2025-2591?

CVE-2025-2591 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-2591?

Check the references section above for vendor advisories and patch information. Affected products include: Assimp Assimp.