PT-2025-12419 · Assimp+2

D3Ng03 · Published 2025-03-21 · Updated 2026-01-16 · CVE-2025-2591

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Open Asset Import Library Assimp version 5.4.3

Description

A vulnerability was found in the Open Asset Import Library Assimp. This issue affects the function MDLImporter::InternReadFile_Quake1 of the file code/AssetLib/MDL/MDLLoader.cpp. The manipulation of the arguments skinwidth and skinheight leads to a divide by zero error. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations

To fix this issue, apply the patch identified as ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd. As a temporary workaround, consider restricting the use of the MDLImporter::InternReadFile_Quake1 function until a patch is available. Avoid manipulating the skinwidth and skinheight arguments in the affected function to minimize the risk of exploitation.
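The defensive pattern for this bug class, as an added example that is neither Assimp's code nor the referenced patch: header fields that later act as divisors are validated before any arithmetic uses them. The function names, the `kMaxSkinDim` bound and the `texel_row` consumer are assumptions made for illustration; the field offsets follow the Quake 1 MDL header layout.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <optional>

// Quake 1 MDL header: 84 bytes, little-endian; skinwidth/skinheight at 52/56.
constexpr std::size_t kHeaderSize = 84;
constexpr std::size_t kOffSkinWidth = 52;
constexpr std::size_t kOffSkinHeight = 56;
constexpr int32_t kMaxSkinDim = 4096;  // assumed bound, not a value from Assimp

struct SkinDims { int32_t width; int32_t height; };

// Read a little-endian int32 without relying on alignment or host byte order.
static int32_t read_le32(const uint8_t* p) {
    uint32_t v = uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
    return static_cast<int32_t>(v);
}

// Return the skin dimensions only when they are safe to use as divisors.
std::optional<SkinDims> parse_skin_dims(const uint8_t* buf, std::size_t len) {
    if (buf == nullptr || len < kHeaderSize) return std::nullopt;  // truncated header
    SkinDims d{read_le32(buf + kOffSkinWidth), read_le32(buf + kOffSkinHeight)};
    if (d.width <= 0 || d.height <= 0) return std::nullopt;  // zero or negative
    if (d.width > kMaxSkinDim || d.height > kMaxSkinDim) return std::nullopt;
    return d;
}

// Hypothetical consumer that divides by width: row of a linear texel index.
std::optional<uint32_t> texel_row(const SkinDims& d, uint32_t index) {
    if (d.width <= 0 || d.height <= 0) return std::nullopt;  // never divide by 0
    if (index >= uint64_t(d.width) * uint64_t(d.height)) return std::nullopt;
    return index / uint32_t(d.width);
}

// Constructed sample input: zeroed header with only the two skin fields set.
std::array<uint8_t, kHeaderSize> make_header(uint32_t w, uint32_t h) {
    std::array<uint8_t, kHeaderSize> b{};
    for (int i = 0; i < 4; ++i) {
        b[kOffSkinWidth + i] = uint8_t(w >> (8 * i));
        b[kOffSkinHeight + i] = uint8_t(h >> (8 * i));
    }
    return b;
}

int main() {
    auto bad = make_header(0, 200);
    std::printf("skinwidth=0 accepted: %d\n", parse_skin_dims(bad.data(), bad.size()).has_value());
    return 0;
}
```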

Exploit

Fix

DoS

Improper Resource Release

Divide By Zero

Weakness Enumeration

Related Identifiers

BDU:2025-12577
CVE-2025-2591
OESA-2026-1079
OESA-2026-1080
OESA-2026-1083
OESA-2026-1084
OPENSUSE-SU-2025:0113-1
OPENSUSE-SU-2025:14950-1
OPENSUSE-SU-2026:20781-1
PYSEC-2025-160
SUSE-SU-2026:21821-1

Affected Products

Assimp
Debian
Red Os