CVE-2025-6119

Name of the Vulnerable Software and Affected Versions Open Asset Import Library Assimp versions up to 5.4.3

Description A critical vulnerability has been found in the Open Asset Import Library Assimp. The issue affects the function Assimp::BVHLoader::ReadNodeChannels in the library assimp/code/AssetLib/BVH/BVHLoader.cpp. The manipulation of the argument pNode leads to use after free. Local attacks are required to exploit this issue. The exploit has been disclosed to the public and may be used.

Recommendations For versions up to 5.4.3, as a temporary workaround, consider disabling the Assimp::BVHLoader::ReadNodeChannels function until a patch is available. Restrict access to the assimp/code/AssetLib/BVH/BVHLoader.cpp library to minimize the risk of exploitation. Avoid using the argument pNode in the affected function until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.