VDB
CVE-2025-15538
CVE-2025-15538
PUBLISHED
CVSS 4.800000190734863 MEDIUM
A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128.
EPSS 0.03% · 10.4th percentile
Risk Scores
CVSS v4.0
4.800000190734863
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P
EPSS Score
0.03%
10.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Open Asset Import Library | Assimp | 6.0.0, 6.0.2, 6.0.1 |
| assimp | assimp | 0 |
Timeline
- Jan 18, 2026 CVE ID Reserved
- Jan 18, 2026 CVE Published
- Jan 19, 2026 EPSS Score
- Jan 19, 2026 PoC Published
- Jan 22, 2026 EPSS Score
- Jan 25, 2026 EPSS Score
- Jan 27, 2026 EPSS Score
- Jan 30, 2026 EPSS Score
- Feb 2, 2026 EPSS Score
- Feb 5, 2026 EPSS Score
- Feb 7, 2026 EPSS Score
- Feb 10, 2026 EPSS Score
References
- VDB-341727 | CTI Indicators (IOB, IOC, IOA) url
- VDB-341727 | Open Asset Import Library Assimp LWOMaterial.cpp FindUVChannels use after free vdb
- Submit #735232 | Open Asset Import Library Assimp 6.0.2 Use After Free third-party-advisory
- https://github.com/assimp/assimp/issues/6258 issue
- https://github.com/assimp/assimp/issues/6258#issuecomment-3070999530 issue
- https://github.com/user-attachments/files/21216542/assimp_poc10.zip exploit
- https://nvd.nist.gov/vuln/detail/CVE-2025-15538 advisory