CVE-2025-11274 MEDIUM

CVE-2025-11274: Open Asset Import Library Assimp Q3DLoader.cpp InternReadFile allocation of resources

Vendor Open Asset Import Library
Product Assimp
Weakness CWE-770 · Uncontrolled resource consumption
Published October 5, 2025
Last update February 24, 2026

CVSS base score

4.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

A vulnerability was determined in Open Asset Import Library Assimp 6.0.2. Affected is the function Q3DImporter::InternReadFile of the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. This manipulation causes allocation of resources. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized.

Key dates

02Disclosure timeline

October 5, 2025 CVE published
February 24, 2026 Record updated