CVE-2025-2591

4.3 MEDIUM

📋 TL;DR

A divide-by-zero vulnerability in Assimp's MDL file parser allows remote attackers to cause denial of service by providing specially crafted Quake 1 model files. This affects applications using Assimp library versions 5.4.3 and potentially earlier to parse untrusted MDL files. The vulnerability is triggered when skinwidth or skinheight parameters are manipulated to zero.

💻 Affected Systems

Products:
  • Open Asset Import Library (Assimp)
Versions: 5.4.3 and potentially earlier versions
Operating Systems: All platforms running Assimp
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects applications that process MDL files using the vulnerable function

⚠️ Risk & Real-World Impact

🔴 Worst Case: Application crash leading to denial of service, potentially disrupting services that rely on 3D model processing

🟠 Likely Case: Application instability or crash when processing malicious MDL files, requiring restart

🟢 If Mitigated: No impact if proper input validation or patched version is used

🌐 Internet-Facing: MEDIUM - Remote exploitation possible but requires specific file processing
🏢 Internal Only: LOW - Requires processing of malicious files, unlikely in controlled environments

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploit requires delivering a malicious MDL file to be processed by vulnerable application

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Fixed in commit ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd

Vendor Advisory: https://github.com/assimp/assimp/issues/6009

Restart Required: Yes

Instructions:

1. Update Assimp to latest version or apply commit ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd
2. Recompile applications using Assimp
3. Restart affected services

🔧 Temporary Workarounds

Input validation (all platforms): Validate MDL file inputs before processing, reject files with zero skinwidth/skinheight

Disable MDL processing (all platforms): Disable MDL file format support if not required
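
The input-validation workaround above, sketched as a pre-parse gate that an application could run on a buffer before handing it to the importer. This is an added example, not Assimp code or the upstream fix. It assumes the public Quake 1 MDL header layout (84 bytes, little-endian, skinwidth at offset 52, skinheight at offset 56), goes slightly beyond the workaround by also rejecting negative dimensions and truncated headers, and conservatively treats the byte-reversed magic "OPDI" like "IDPO"; all function and constant names are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Assumed Quake 1 MDL header (little-endian, 84 bytes): magic @0, version @4,
// num_skins @48, skinwidth @52, skinheight @56.
enum class MdlVerdict { NotQuake1, Accept, Reject };

constexpr std::size_t kHeaderSize = 84;
constexpr std::size_t kSkinWidthOff = 52;
constexpr std::size_t kSkinHeightOff = 56;

// Read a signed 32-bit little-endian value without alignment assumptions.
static std::int32_t read_le_i32(const std::uint8_t* p) {
    std::uint32_t v = std::uint32_t(p[0]) | (std::uint32_t(p[1]) << 8) |
                      (std::uint32_t(p[2]) << 16) | (std::uint32_t(p[3]) << 24);
    std::int32_t out;
    std::memcpy(&out, &v, sizeof out);
    return out;
}

// Hypothetical gate: call on the raw file bytes before invoking the importer.
MdlVerdict check_quake1_mdl(const std::uint8_t* data, std::size_t len) {
    bool q1 = len >= 4 && (std::memcmp(data, "IDPO", 4) == 0 ||
                           std::memcmp(data, "OPDI", 4) == 0);
    if (!q1) return MdlVerdict::NotQuake1;   // other format: not judged here
    if (len < kHeaderSize) return MdlVerdict::Reject;   // truncated header
    std::int32_t w = read_le_i32(data + kSkinWidthOff);
    std::int32_t h = read_le_i32(data + kSkinHeightOff);
    if (w <= 0 || h <= 0) return MdlVerdict::Reject;    // zero or negative skin size
    return MdlVerdict::Accept;
}

// Constructed sample header for demonstration; not a real model file.
std::vector<std::uint8_t> make_header(std::int32_t w, std::int32_t h) {
    std::vector<std::uint8_t> b(kHeaderSize, 0);
    std::memcpy(b.data(), "IDPO", 4);
    b[4] = 6;  // version field
    for (int i = 0; i < 4; ++i) {
        b[kSkinWidthOff + i] = std::uint8_t(std::uint32_t(w) >> (8 * i));
        b[kSkinHeightOff + i] = std::uint8_t(std::uint32_t(h) >> (8 * i));
    }
    return b;
}

int main() {
    auto bad = make_header(0, 194);  // zero skinwidth must be rejected
    return check_quake1_mdl(bad.data(), bad.size()) == MdlVerdict::Reject ? 0 : 1;
}
```

A NotQuake1 verdict only means this check does not apply; other MDL variants still need their own handling or should be blocked if untrusted.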

🧯 If You Can't Patch

  • Implement strict file type validation and reject untrusted MDL files
  • Run Assimp in isolated/sandboxed environment with crash recovery mechanisms

🔍 How to Verify

Check if Vulnerable:

Check Assimp version and if MDL file processing is enabled

Check Version:

assimp version (if CLI installed) or check library version in code

Verify Fix Applied:

Verify Assimp version includes commit ab66a1674fcfac87aaba4c8b900b315ebc3e7dbd

📡 Detection & Monitoring

Log Indicators:

  • Application crashes during MDL file processing
  • Divide by zero errors in logs

Network Indicators:

  • Unexpected MDL file uploads to services using Assimp

SIEM Query:

search 'assimp' AND ('crash' OR 'divide by zero' OR 'MDL')
