CVE Catalog

CVE-2025-70072

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile - higher than 15% of all known CVEs

Summary

A vulnerability in Assimp v.6.0.2 allows a remote attacker to cause a denial of service (DoS) by exploiting an issue in FBXConverter.cpp, specifically in the FBXConverter::ConvertMeshMultiMaterial() function.

Risk Assessment

An attacker can send a specially crafted FBX file, causing the application using Assimp to crash, leading to service disruption and potential financial losses.

Recommendation

Update Assimp to the latest available version that includes a fix for this vulnerability. Until then, restrict processing of FBX files from untrusted sources.

Original NVD description (English source)

An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial() components

Vulnerability data from NVD (NIST) · CISA KEV · EPSS