CVE-2025-3548

5.3 MEDIUM

📋 TL;DR

This critical vulnerability in Open Asset Import Library (Assimp) allows a heap-based buffer overflow via the aiString::Set function when processing malicious 3D model files. Attackers can execute arbitrary code or crash applications that use Assimp. All applications that load 3D models with Assimp versions up to 5.4.3 are affected.

💻 Affected Systems

Products:
  • Open Asset Import Library (Assimp)
Versions: All versions up to and including 5.4.3
Operating Systems: All platforms (Windows, Linux, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Any application using Assimp to load 3D model files (FBX, OBJ, GLTF, etc.) is vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Application crashes (denial of service) when processing malicious 3D files, potentially disrupting workflows.

🟢 If Mitigated: Limited to application crashes if memory protections (ASLR, DEP) are effective, but RCE remains possible.

🌐 Internet-Facing: MEDIUM - Requires a user to open malicious 3D files, but web services that process uploaded models could be exploited.
🏢 Internal Only: HIGH - Internal users could be tricked into opening malicious files, leading to lateral movement within networks.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Proof-of-concept exploit code is publicly available in the GitHub issue. The attack requires a user to open a malicious 3D file.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.4.4 or later

Vendor Advisory: https://github.com/assimp/assimp/issues/6068

Restart Required: Yes

Instructions:

1. Update Assimp to version 5.4.4 or later.
2. Rebuild any applications using Assimp with the updated library.
3. Restart affected applications/services.

🔧 Temporary Workarounds

Input Validation (all platforms)

Implement strict validation of 3D model files before processing with Assimp.

Memory Protections (all platforms)

Enable ASLR and DEP at the OS level to reduce exploit success probability.

Windows: bcdedit /set {current} nx AlwaysOn
Linux: echo 2 > /proc/sys/kernel/randomize_va_space

🧯 If You Can't Patch

  • Restrict user permissions to limit damage from potential exploitation
  • Implement application whitelisting to prevent execution of unauthorized code

🔍 How to Verify

Check if Vulnerable:

Check the Assimp version: if it is 5.4.3 or earlier, the system is vulnerable.

Check Version:

assimp version (CLI) or check library version in application

Verify Fix Applied:

Verify Assimp version is 5.4.4 or later and test with known malicious 3D files.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when loading 3D files
  • Memory access violation errors in logs

Network Indicators:

  • Unusual outbound connections after processing 3D files

SIEM Query:

(EventID=1000 OR EventID=1001) AND (ProcessName contains 'assimp' OR Application contains 'assimp')
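
The following offline triage filter is an added example, not part of the original advisory. It reads the query above as (crash event) AND ('assimp' in a name field), and counts hits per host. The record field names, hosts and sample events are constructed. Matching on the event message goes beyond the page's query and is an assumption, included because an application that embeds Assimp crashes under its own process name.

```python
from collections import Counter

CRASH_EVENT_IDS = {1000, 1001}  # Application Error, Windows Error Reporting
NEEDLE = "assimp"
# The two name fields from the query, plus Message (an assumption: a host
# application embedding Assimp crashes under its own process name, so the
# library is visible only as the faulting module in the event text).
FIELDS = ("ProcessName", "Application", "Message")

# Constructed sample records; hosts, field names and values are illustrative.
SAMPLE_EVENTS = [
    {"Host": "ws-01", "EventID": 1000, "ProcessName": "assimp.exe",
     "Application": "assimp.exe", "Message": "exception code 0xc0000005"},
    {"Host": "ws-02", "EventID": 1000, "ProcessName": "viewer.exe",
     "Application": "ModelViewer",
     "Message": "Faulting module name: assimp-vc143-mt.dll"},
    {"Host": "ws-02", "EventID": 1001, "ProcessName": "viewer.exe",
     "Application": "ModelViewer", "Message": "P4: assimp-vc143-mt.dll"},
    {"Host": "ws-03", "EventID": 1000, "ProcessName": "excel.exe",
     "Application": "Excel", "Message": "Faulting module name: mso.dll"},
    {"Host": "ws-04", "EventID": 4624, "ProcessName": "assimp.exe",
     "Application": "assimp.exe", "Message": "logon"},
]


def is_assimp_crash(event):
    """(EventID is 1000 or 1001) AND (an inspected field contains 'assimp')."""
    if event.get("EventID") not in CRASH_EVENT_IDS:
        return False
    return any(NEEDLE in str(event.get(f, "")).lower() for f in FIELDS)


def ungrouped_match(event):
    """Same terms with AND binding tighter than OR and no grouping."""
    eid = event.get("EventID")
    proc = NEEDLE in str(event.get("ProcessName", "")).lower()
    app = NEEDLE in str(event.get("Application", "")).lower()
    return eid == 1000 or (eid == 1001 and proc) or app


def crashes_per_host(events):
    """Count matching crash events per host so repeat crashers stand out."""
    return Counter(e["Host"] for e in events if is_assimp_crash(e))


if __name__ == "__main__":
    print(dict(crashes_per_host(SAMPLE_EVENTS)))
    print([e["Host"] for e in SAMPLE_EVENTS
           if ungrouped_match(e) and not is_assimp_crash(e)])
```

On the sample data the grouped filter reports ws-01 and ws-02, while the ungrouped reading also pulls in an unrelated crash (ws-03) and a non-crash event (ws-04).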
