CVE-2025-11015 MEDIUM

CVE-2025-11015: OGRECave Ogre OgreSTBICodec.cpp encode mismatched memory management routines

Vendor Ogrecave
Product Ogre
Weakness CWE-762
Published September 26, 2025
Last update September 26, 2025

CVSS base score

4.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A weakness has been identified in OGRECave Ogre up to 14.4.1. Impacted is the function STBIImageCodec::encode of the file /ogre/PlugIns/STBICodec/src/OgreSTBICodec.cpp. This manipulation causes mismatched memory management routines. The attack is restricted to local execution. The exploit has been made available to the public and could be exploited.

Key dates

02Disclosure timeline

September 26, 2025 CVE published
September 26, 2025 Record updated