CVE Catalog

CVE-2025-70070

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile - higher than 15% of all known CVEs

Summary

A denial of service vulnerability has been discovered in Assimp version 6.0.2. The issue resides in FBXMeshGeometry.cpp within the MeshGeometry::MeshGeometry() function. A remote attacker can exploit this flaw to cause a denial of service.

Risk Assessment

An attacker can remotely crash applications using the Assimp library, leading to service disruption and potential loss of availability.

Recommendation

Update the Assimp library to the latest available version that includes a fix for this vulnerability. If an update is not possible, restrict access to functions processing FBX files.

Original NVD description (English source)

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry()

Vulnerability data from NVD (NIST) · CISA KEV · EPSS