CVE-2025-6119
BaseFortify
Publication date: 2025-06-16
Last updated on: 2026-04-29
Assigner: VulDB
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| assimp | assimp | up to 5.4.3 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-119 | The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. |
| CWE-416 | The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-6119 is a critical use-after-free vulnerability in the Open Asset Import Library (Assimp) versions up to 5.4.3. It occurs in the function Assimp::BVHLoader::ReadNodeChannels when the argument pNode or its member mChannels vector is accessed after its memory has been freed. This happens during the parsing of BVH (Biovision Hierarchy) format files, where the function pushes new channel identifiers into the vector. If pNode or its mChannels vector has been prematurely deallocated, this leads to undefined behavior such as program crashes or potential arbitrary code execution. The vulnerability requires local access to exploit and has a publicly available proof-of-concept exploit. No official patch or mitigation is currently available. [1, 2, 3]
How can this vulnerability impact me?
This vulnerability can cause program crashes, unexpected behavior, and potentially allow an attacker with local access to execute arbitrary code by exploiting the use-after-free condition. It impacts the confidentiality, integrity, and availability of affected systems by enabling unauthorized code execution or denial of service during the processing of BVH files in Assimp. Since the exploit requires local access, remote exploitation is not possible, but local attackers or malicious users could leverage this flaw to compromise the system. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability is a local use-after-free bug in the Assimp library's BVH loader, which requires local access and cannot be detected via network scanning. Detection involves monitoring for crashes or abnormal behavior when processing BVH files with Assimp versions up to 5.4.3. Using debugging tools such as AddressSanitizer (ASAN) during fuzz testing or runtime can help identify use-after-free issues. There are no specific commands provided for detection, but running Assimp with ASAN enabled on BVH files or using fuzzing tools targeting the ReadNodeChannels function can reveal the vulnerability. [3, 1]
What immediate steps should I take to mitigate this vulnerability?
As of the latest information, no official patch or mitigation is available for this vulnerability. Immediate steps include avoiding the use of vulnerable Assimp versions (up to 5.4.3) when processing untrusted BVH files, considering alternative libraries or products, and restricting local access to systems running vulnerable versions to trusted users only. Monitoring for updates from the Assimp project and applying patches once released is recommended. [1]
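One way to enforce the "no untrusted BVH files on affected versions" step at an ingestion point, as an added example (not code from this page or from the Assimp project). The function names, the 512-byte sniff window and the `HIERARCHY` keyword test for recognising BVH content are assumptions of this example.

```python
import re

LAST_AFFECTED = (5, 4, 3)  # advisory: Assimp versions up to 5.4.3 inclusive
SNIFF_BYTES = 512          # assumption: header window inspected for the keyword
BVH_KEYWORD = re.compile(rb"\bHIERARCHY\b", re.IGNORECASE)


def parse_version(text):
    """Parse '5.4.3', 'v5.4.3' or '5.4.3-rc1' into (5, 4, 3)."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    if m is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def looks_like_bvh(filename, head):
    """True if the name or the first bytes suggest a BVH motion file.

    Checking content as well as extension catches a renamed file; the
    keyword test is an assumption about how BVH input is recognised.
    """
    if filename.lower().endswith(".bvh"):
        return True
    return BVH_KEYWORD.search(head[:SNIFF_BYTES]) is not None


def gate(filename, head, assimp_version, trusted_source):
    """Return (allow, reason) for handing this file to Assimp."""
    if not looks_like_bvh(filename, head):
        return True, "not BVH"
    if trusted_source:
        return True, "BVH from trusted source"
    try:
        affected = parse_version(assimp_version) <= LAST_AFFECTED
    except ValueError:
        affected = True  # fail closed when the linked version is unknown
    if affected:
        return False, "untrusted BVH on Assimp <= 5.4.3 (CVE-2025-6119)"
    return True, "Assimp version outside the advisory's affected range"


# Constructed sample inputs (not taken from any real file).
BVH_HEAD = b"HIERARCHY\nROOT Hips\n{\n  OFFSET 0.0 0.0 0.0\n"
OBJ_HEAD = b"# constructed OBJ\nv 0 0 0\nv 1 0 0\n"

if __name__ == "__main__":
    for name, head in [("walk.bvh", BVH_HEAD), ("upload.dat", BVH_HEAD), ("cube.obj", OBJ_HEAD)]:
        print(name, gate(name, head, "5.4.3", trusted_source=False))
```

The gate only decides whether a file reaches the importer; it does not make BVH parsing safe on an affected build.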