PT-2025-40787 · Assimp+5
Sand · Published 2025-10-04 · Updated 2026-02-24 · CVE-2025-11277
CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Open Asset Import Library Assimp version 6.0.2
Description
A flaw exists in Open Asset Import Library Assimp 6.0.2 within the Q3DImporter::InternReadFile function located in the assimp/code/AssetLib/Q3D/Q3DLoader.cpp file. This can lead to a heap-based buffer overflow. The issue is exploitable locally, and details about the exploit are publicly available.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
DoS
Buffer Overflow
Heap Based Buffer Overflow
Related Identifiers
Affected Products
Almalinux
Assimp
Debian
Red Hat
Red Os
Rocky Linux