Buffer Overflow Vulnerability in Assimp FBX Importer
CVE-2025-70067

9.8CRITICAL

Key Information:

Vendor: Assimp
Status: Assimp
Vendor: CVE Published:; 4 May 2026

What is CVE-2025-70067?

A buffer overflow vulnerability exists in the FBX Importer of Assimp, allowing attackers to exploit the aiMaterial::AddBinaryProperty function. When a property key string from a crafted FBX file is copied into a fixed-size heap buffer using the unsafe strcpy() function, it may lead to memory corruption and potentially arbitrary code execution. Proper validation of the input length is lacking, making this vulnerability a significant security concern for users of Assimp versions up to 6.0.2.

References

http://assimp.com

https://github.com/assimp/assimp

https://gist.github.com/GunP4ng/b6653184a4c5c3e608e636822...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 4, 2026
Vulnerability Reserved
Jan 9, 2026

CVE-2025-70067 Data

JSON