CVE-2025-70072
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk15th percentile - higher than 15% of all known CVEs
Summary
A vulnerability in Assimp v.6.0.2 allows a remote attacker to cause a denial of service (DoS) by exploiting an issue in FBXConverter.cpp, specifically in the FBXConverter::ConvertMeshMultiMaterial() function.
Risk Assessment
An attacker can send a specially crafted FBX file, causing the application using Assimp to crash, leading to service disruption and potential financial losses.
Recommendation
Update Assimp to the latest available version that includes a fix for this vulnerability. Until then, restrict processing of FBX files from untrusted sources.
Original NVD description (English source)
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXConverter.cpp, FBXConverter::ConvertMeshMultiMaterial() components

