CVE-2025-10997

5.3 MEDIUM

📋 TL;DR

A heap-based buffer overflow vulnerability exists in Open Babel versions up to 3.1.1, specifically in the ChemKinFormat::CheckSpecies function. This allows local attackers to execute arbitrary code or cause denial of service by manipulating input files. Only systems running vulnerable Open Babel versions with local user access are affected.

💻 Affected Systems

Products:
  • Open Babel
Versions: All versions up to and including 3.1.1
Operating Systems: All platforms where Open Babel is installed (Linux, Windows, macOS)
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is triggered when processing specially crafted ChemKin format files through the vulnerable function.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Local privilege escalation leading to full system compromise, data theft, or persistent backdoor installation.

🟠 Likely Case: Application crash (denial of service) or limited code execution within the context of the Open Babel process.

🟢 If Mitigated: Minimal impact if proper sandboxing, least privilege, and input validation are implemented.

🌐 Internet-Facing: LOW - The exploit requires local execution and cannot be triggered remotely.
🏢 Internal Only: MEDIUM - Local users with access to vulnerable systems could exploit this, but requires specific file manipulation.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Proof-of-concept exploit is publicly available in the referenced GitHub attachments. Exploitation requires local access and ability to feed malicious input to the vulnerable function.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Open Babel 3.1.2 or later

Vendor Advisory: https://github.com/openbabel/openbabel/issues/2830

Restart Required: No

Instructions:

1. Check current version with 'obabel --version'.
2. Update via package manager (apt/yum/brew) or compile from source.
3. Verify update with 'obabel --version' showing 3.1.2+.

🔧 Temporary Workarounds

Restrict ChemKin file processing

Applies to: all platforms

Disable or restrict processing of ChemKin format files if not required.

# Remove or restrict .inp/.ck files from user access
# Configure application to reject ChemKin inputs

🧯 If You Can't Patch

  • Implement strict file input validation and sanitization for ChemKin format files.
  • Run Open Babel in sandboxed/containerized environments with minimal privileges.

🔍 How to Verify

Check if Vulnerable:

Run 'obabel --version' and check if version is 3.1.1 or earlier.

Check Version:

obabel --version

Verify Fix Applied:

Confirm version is 3.1.2 or later with 'obabel --version' and test with known safe ChemKin files.
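The version check above can be scripted for inventory use. The following is an added example, not code from the Open Babel project or the original page: it classifies a version banner against the fixed release this page states (3.1.2), compares fields numerically so that 3.10.0 is not mistaken for an older release, and reports "unknown" instead of "fixed" when no version can be parsed. The function names and the sample banner layout are assumptions.

```shell
#!/bin/sh
# Added example. FIXED_VERSION is the fixed release as stated on this page.
FIXED_VERSION="3.1.2"

# Print the first dotted version number (e.g. 3.1.1) found in a banner string.
extract_version() {
    printf '%s\n' "$1" | grep -Eo '[0-9]+(\.[0-9]+){1,3}' | head -n 1
}

# Return 0 if version $1 >= version $2, comparing each dotted field as a number.
# Missing fields count as 0, so 3.1 is treated as older than 3.1.2.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a="" || a=${a#*.}
        [ "$b" = "$y" ] && b="" || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Print "vulnerable", "fixed" or "unknown" for a version banner.
obabel_fix_status() {
    v=$(extract_version "$1")
    if [ -z "$v" ]; then
        echo unknown          # no parseable version: do not assume patched
    elif version_ge "$v" "$FIXED_VERSION"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# Constructed sample banners (assumed layout, not captured from a real host).
for banner in "Open Babel 3.1.1 -- Oct 12 2020 -- 10:20:30" \
              "Open Babel 3.10.0" \
              "obabel: command not found"; do
    printf '%s => %s\n' "$banner" "$(obabel_fix_status "$banner")"
done
```

On a host, pass the output of the version command shown on this page as the single argument to `obabel_fix_status`.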

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Unusual memory access patterns in system logs
  • Failed ChemKin file processing attempts

Network Indicators:

  • None - local exploitation only

SIEM Query:

Process:obabel AND (EventID:1000 OR ExceptionCode:c0000005)
