Use After Free Vulnerability in Open Babel Software
CVE-2025-10994

4.8MEDIUM

Key Information:

Vendor

Open Babel

Status
Open Babel
Vendor
CVE Published:
26 September 2025

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2025-10994?

A vulnerability has been detected in Open Babel affecting versions up to 3.1.1. The issue resides in the GAMESSOutputFormat::ReadMolecule method within gamessformat.cpp, where improper handling of memory can lead to a use after free condition. This flaw can potentially allow an attacker to execute arbitrary code by manipulating memory, making the system susceptible to exploitation from a local host. The public availability of the exploit further heightens the concern for users of this software.

Affected Version(s)

Open Babel 3.1.0

Open Babel 3.1.1

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-10994 - Proof of Concept

References

https://vuldb.com/?id.325922
vdb-entrytechnical-description
https://vuldb.com/?ctiid.325922
signaturepermissions-required
https://vuldb.com/?submit.654057
third-party-advisory

CVSS V4

Score:
4.8
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

Credit

ahuo (VulDB User)
JSON
.
CVE-2025-10994 : Use After Free Vulnerability in Open Babel Software