CVE-2025-2757

Name of the Vulnerable Software and Affected Versions Open Asset Import Library Assimp version 5.4.3

Description A critical vulnerability was found in Open Asset Import Library Assimp, affecting the function AI MD5 PARSE STRING IN QUOTATION of the file code/AssetLib/MD5/MD5Parser.cpp of the component MD5 File Handler. The manipulation of the argument data leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Recommendations For Open Asset Import Library Assimp version 5.4.3, consider disabling the AI MD5 PARSE STRING IN QUOTATION function until a patch is available. Restrict access to the MD5 File Handler component to minimize the risk of exploitation. Avoid using the affected function in the code/AssetLib/MD5/MD5Parser.cpp file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.