CVE-2025-70070
MediumCVSS 6.5Exploitation Probability (EPSS)
Low risk15th percentile - higher than 15% of all known CVEs
Summary
A denial of service vulnerability has been discovered in Assimp version 6.0.2. The issue resides in FBXMeshGeometry.cpp within the MeshGeometry::MeshGeometry() function. A remote attacker can exploit this flaw to cause a denial of service.
Risk Assessment
An attacker can remotely crash applications using the Assimp library, leading to service disruption and potential loss of availability.
Recommendation
Update the Assimp library to the latest available version that includes a fix for this vulnerability. If an update is not possible, restrict access to functions processing FBX files.
Original NVD description (English source)
An issue in Assimp v.6.0.2 allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry()

