CVE-2025-3159

Name: CVE-2025-3159
Creator: NVD / NIST
Published: 2025-04-03T14:15:46.983+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

MEDIUMCVSS 4.8/10EPSS 0.28%

Last modified Jun 17, 2026

CVE-2025-3159 is a medium-severity vulnerability rated 4.8/10 on the CVSS scale. A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. EPSS estimates a 0.28% chance of exploitation in the next 30 days.

Description

A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. This affects the function Assimp::ASE::Parser::ParseLV4MeshBonesVertices of the file code/AssetLib/ASE/ASEParser.cpp of the component ASE File Handler. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of the patch is e8a6286542924e628e02749c4f5ac4f91fdae71b. It is recommended to apply a patch to fix this issue.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS 4.0

4.8/10

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

EPSS Probability

0.28%

19.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Assimp	Assimp	5.4.3

References

https://github.com/assimp/assimp/issues/6024Exploit, Issue Tracking
https://github.com/assimp/assimp/issues/6024#issue-2877382033Exploit, Issue Tracking
https://github.com/assimp/assimp/pull/6051Issue Tracking, Patch
https://github.com/tellypresence/assimp/commit/e8a6286542924e628e02749c4f5ac4f91fdae71bPatch
https://vuldb.com/?ctiid.303105Permissions Required, VDB Entry
https://vuldb.com/?id.303105Third Party Advisory, VDB Entry
https://vuldb.com/?submit.542247Third Party Advisory, VDB Entry

Timeline

Published: Apr 3, 2025
Last Modified: Jun 17, 2026
Status: Analyzed

Frequently Asked Questions

What is CVE-2025-3159?

How severe is CVE-2025-3159?

CVE-2025-3159 has a CVSS score of 4.8/10 (MEDIUM severity). The EPSS model estimates a 0.28% probability of exploitation in the next 30 days.

How do I fix CVE-2025-3159?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2025-3159?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST