Vulnerability Description
A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Common/SceneCombiner.cpp of the component File Handler. The manipulation leads to out-of-bounds read. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The patch is identified as a0993658f40d8e13ff5823990c30b43c82a5daf0. It is recommended to apply a patch to fix this issue.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Assimp | Assimp | 5.4.3 |
Related Weaknesses (CWE)
References
- https://github.com/assimp/assimp/commit/a0993658f40d8e13ff5823990c30b43c82a5daf0Patch
- https://github.com/assimp/assimp/issues/6025ExploitIssue Tracking
- https://github.com/assimp/assimp/issues/6025#issue-2877385383ExploitIssue Tracking
- https://github.com/assimp/assimp/pull/6049Issue TrackingPatch
- https://vuldb.com/?ctiid.303106Permissions RequiredThird Party AdvisoryVDB Entry
- https://vuldb.com/?id.303106Third Party AdvisoryVDB Entry
- https://vuldb.com/?submit.542248Third Party AdvisoryVDB Entry
- https://github.com/assimp/assimp/issues/6025#issue-2877385383ExploitIssue Tracking
FAQ
What is CVE-2025-3160?
CVE-2025-3160 is a vulnerability with a CVSS score of 3.3 (LOW). A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::SceneCombiner::AddNodeHashes of the file code/Co...
How severe is CVE-2025-3160?
CVE-2025-3160 has been rated LOW with a CVSS base score of 3.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-3160?
Check the references section above for vendor advisories and patch information. Affected products include: Assimp Assimp.