CVE-2025-2753

MEDIUM LAB

Open Asset Import Library Assimp 5.4.3 - Out-of-Bounds Read in LWS File Handler

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-2753. PoCs published by exploitintel.

AI-analyzed exploit summary The repository contains functional exploit code demonstrating CVE-2025-2753, an uninitialized pointer array vulnerability in the Assimp LWS importer leading to out-of-bounds read and DoS. Multiple PoC scripts and detailed analysis documents are included.

Description

A vulnerability was found in Open Asset Import Library Assimp 5.4.3. It has been classified as critical. Affected is the function SceneCombiner::MergeScenes of the file code/AssetLib/LWS/LWSLoader.cpp of the component LWS File Handler. The manipulation leads to out-of-bounds read. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Exploits (1)

github WORKING POC 1 stars

by exploitintel · pythonpoc

https://github.com/exploitintel/eip-pocs-and-cves/tree/main/CVE-2025-2753

View Code ZIP pw:eip

The repository contains functional exploit code demonstrating CVE-2025-2753, an uninitialized pointer array vulnerability in the Assimp LWS importer leading to out-of-bounds read and DoS. Multiple PoC scripts and detailed analysis documents are included.

Classification

Working Poc 100%

Attack Type

Dos

Complexity

Moderate

Reliability

Reliable

Target: Open Asset Import Library (assimp) v5.4.3 through v6.0.4

No auth needed

Prerequisites: malformed LWS file · victim application using assimp

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Mar 02, 2026 Full analysis →

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry technical-description

https://vuldb.com/?id.300858

Permissions Required, VDB Entry signature permissions-required

https://vuldb.com/?ctiid.300858

Third Party Advisory, VDB Entry third-party-advisory

https://vuldb.com/?submit.517787

Exploit, Issue Tracking issue-tracking

https://github.com/assimp/assimp/issues/6014

Exploit, Issue Tracking exploit issue-tracking

https://github.com/assimp/assimp/issues/6014#issue-2877372462

Scores

CVSS v3 6.3

EPSS 0.0043

EPSS Percentile 34.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Lab Environment

EIP LAB

Docker Lab

patched docker pull ghcr.io/exploitintel/cve-2025-2753-patched:latest

vulnerable docker pull ghcr.io/exploitintel/cve-2025-2753-vulnerable:latest

View in Library GitHub

Details

CWE

CWE-119 CWE-125

Status published

Products (1)

assimp/assimp 5.4.3

Published Mar 25, 2025

Tracked Since Feb 18, 2026