CVE-2025-11277 MEDIUM

CVE-2025-11277: Open Asset Import Library Assimp Q3DLoader.cpp InternReadFile heap-based overflow

Vendor Open Asset Import Library
Product Assimp
Weakness CWE-122
Published October 5, 2025
Last update February 24, 2026

CVSS base score

4.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

A weakness has been identified in Open Asset Import Library Assimp 6.0.2. It affects the function Q3DImporter::InternReadFile in the file assimp/code/AssetLib/Q3D/Q3DLoader.cpp. Manipulation can lead to a heap-based buffer overflow. The attack must be launched locally. The exploit has been made available to the public and could be used for attacks.

Key dates

02 Disclosure timeline

October 5, 2025 CVE published
February 24, 2026 Record updated