CVE-2025-57108
CVE-2025-57108 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures. EPSS estimates a 0.33% chance of exploitation in the next 30 days.
Description
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Vtk | Vtk | <= 9.5.0 |
References
- https://gitlab.kitware.com/vtk/vtk/-/issues/19736 (Exploit, Issue Tracking, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status: Analyzed
Source: NVD / NIST
