CVE-2025-15538

medium

Description

A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128.

References

https://vuldb.com/?submit.735232

https://vuldb.com/?id.341727

https://github.com/user-attachments/files/21216542/assimp_poc10.zip

https://vuldb.com/?ctiid.341727

https://github.com/assimp/assimp/issues/6258#issuecomment-3070999530

https://github.com/assimp/assimp/issues/6258

Details

Source: Mitre, NVD

Published: 2026-01-18

Updated: 2026-02-10

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:L/AC:L/Au:S/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

CVSS v4

Base Score: 4.8

Vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Severity: Medium

EPSS

EPSS: 0.00013