CVE-2025-52937

Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE).

CVSS

No CVSS.

References

Link	Resource
https://github.com/PointCloudLibrary/pcl/commit/2f9dc390c6769fbd821fafa0e16f4707ed7c5d79
https://github.com/PointCloudLibrary/pcl/pull/6275

Configurations

No configuration.

History

15 Apr 2026, 00:35

Type	Values Removed	Values Added
Summary		(es) Vulnerabilidad en PointCloudLibrary PCL (módulos surface/src/3rdparty/opennurbs). Esta vulnerabilidad está asociada con los archivos de programa crc32.C. Esta vulnerabilidad solo es relevante si la versión de PCL es anterior a la 1.14.0 o si el usuario solicita específicamente no usar la librería zlib del sistema (WITH_SYSTEM_ZLIB=FALSE).

23 Jun 2025, 14:15

Type	Values Removed	Values Added
CWE		CWE-494

23 Jun 2025, 10:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-06-23 10:15

Updated : 2026-04-15 00:35

NVD link : CVE-2025-52937

Mitre link : CVE-2025-52937

CVE.ORG link : CVE-2025-52937

JSON object : View

Products Affected

No product.

CWE

CWE-494

Download of Code Without Integrity Check

{"id": "CVE-2025-52937", "cveTags": [], "metrics": {"cvssMetricV40": [{"type": "Secondary", "source": "cve_disclosure@tech.gov.sg", "cvssData": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 2.0, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:M/U:Green", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "MODERATE", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-06-23T10:15:27.717", "references": [{"url": "https://github.com/PointCloudLibrary/pcl/commit/2f9dc390c6769fbd821fafa0e16f4707ed7c5d79", "source": "cve_disclosure@tech.gov.sg"}, {"url": "https://github.com/PointCloudLibrary/pcl/pull/6275", "source": "cve_disclosure@tech.gov.sg"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-494"}]}], "descriptions": [{"lang": "en", "value": "Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C.\n\nThis vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE)."}, {"lang": "es", "value": "Vulnerabilidad en PointCloudLibrary PCL (m\u00f3dulos surface/src/3rdparty/opennurbs). Esta vulnerabilidad est\u00e1 asociada con los archivos de programa crc32.C. Esta vulnerabilidad solo es relevante si la versi\u00f3n de PCL es anterior a la 1.14.0 o si el usuario solicita espec\u00edficamente no usar la librer\u00eda zlib del sistema (WITH_SYSTEM_ZLIB=FALSE)."}], "lastModified": "2026-04-15T00:35:42.020", "sourceIdentifier": "cve_disclosure@tech.gov.sg"}