A security vulnerability has been detected in Open Asset Import Library Assimp up to 6.0.2. Affected by this vulnerability is the function Assimp::LWOImporter::FindUVChannels of the file /src/assimp/code/AssetLib/LWO/LWOMaterial.cpp. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and may be used. This and similar defects are tracked and handled via issue #6128.
References
| Link | Resource |
|---|---|
| https://github.com/assimp/assimp/issues/6258 | Exploit Issue Tracking |
| https://github.com/assimp/assimp/issues/6258#issuecomment-3070999530 | Exploit Issue Tracking |
| https://github.com/user-attachments/files/21216542/assimp_poc10.zip | Exploit |
| https://vuldb.com/?ctiid.341727 | Permissions Required VDB Entry |
| https://vuldb.com/?id.341727 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.735232 | Third Party Advisory VDB Entry |
Configurations
History
10 Feb 2026, 17:10
| Type | Values Removed | Values Added |
|---|---|---|
| CPE | cpe:2.3:a:assimp:assimp:*:*:*:*:*:*:*:* | |
| First Time |
Assimp assimp
Assimp |
|
| References | () https://github.com/assimp/assimp/issues/6258 - Exploit, Issue Tracking | |
| References | () https://github.com/assimp/assimp/issues/6258#issuecomment-3070999530 - Exploit, Issue Tracking | |
| References | () https://github.com/user-attachments/files/21216542/assimp_poc10.zip - Exploit | |
| References | () https://vuldb.com/?ctiid.341727 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.341727 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.735232 - Third Party Advisory, VDB Entry |
18 Jan 2026, 23:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-01-18 23:15
Updated : 2026-02-10 17:10
NVD link : CVE-2025-15538
Mitre link : CVE-2025-15538
CVE.ORG link : CVE-2025-15538
JSON object : View
Products Affected
assimp
- assimp