PT-2025-13833 · Assimp+2
D3Ng03 · Published 2025-03-31 · Updated 2026-02-15 · CVE-2025-3015
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Open Asset Import Library Assimp version 5.4.3
Description
A critical issue has been found in the ASE File Handler component of the Open Asset Import Library Assimp. This issue affects the Assimp::ASEImporter::BuildUniqueRepresentation function in the file ASELoader.cpp. The manipulation of the mIndices argument leads to an out-of-bounds read. It is possible to initiate the attack remotely.
Recommendations
For Open Asset Import Library Assimp version 5.4.3, upgrade to version 6.0 to address this issue. As a temporary workaround, consider restricting access to the ASELoader.cpp file or the Assimp::ASEImporter::BuildUniqueRepresentation function until the patch is applied. Apply the patch named 7c705fde418d68cca4e8eff56be01b2617b0d6fe to fix this issue.
Exploit
Fix
Buffer Overflow
Out of bounds Read
Related Identifiers
Affected Products
Assimp
Debian
Red Os