PT-2025-12420 · Assimp+2

D3Ng03 · Published 2025-03-21 · Updated 2026-02-13 · CVE-2025-2592

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Open Asset Import Library Assimp version 5.4.3

Description

A critical vulnerability has been found in Open Asset Import Library Assimp. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to a heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations

To fix this issue, apply the patch named 2690e354da0c681db000cfd892a55226788f2743. As a temporary workaround, consider disabling the CSMImporter::InternReadFile function until a patch is available. Restrict access to the vulnerable file code/AssetLib/CSM/CSMLoader.cpp to minimize the risk of exploitation.

Exploit

Fix

DoS

Divide By Zero

Buffer Overflow

Heap Based Buffer Overflow

Weakness Enumeration

Related Identifiers

BDU:2025-12577
BDU:2025-12578
BDU:2025-12581
CVE-2025-2592
OPENSUSE-SU-2025:0113-1
OPENSUSE-SU-2025:0117-1
OPENSUSE-SU-2025:14950-1
OPENSUSE-SU-2026:20781-1
SUSE-SU-2026:21821-1

Affected Products

Assimp
Debian
Red Os