PatchSiren

PatchSiren cyber security CVE debrief

CVE-2025-70070 Assimp CVE debrief

A CVE record for CVE-2025-70070 was published on May 4, 2026, at 15:16:03 GMT. The issue is related to Assimp v.6.0.2 and allows a remote attacker to cause a denial of service via the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry(). The CVSS score is 6.5, and the severity is MEDIUM. This vulnerability has a medium priority due to its CVSS score and potential for denial of service. Organizations using Assimp v.6.0.2 should review their inventory and assess the potential impact of this vulnerability.

Vendor
Assimp
Product
Assimp
CVSS
MEDIUM 6.5
CISA KEV
Not listed in stored evidence
Original CVE published
2026-05-04
Original CVE updated
2026-07-05
Advisory published
2026-05-04
Advisory updated
2026-07-05

Who should care

Organizations using Assimp v.6.0.2 should review their inventory and assess the potential impact of this vulnerability. Operators of affected systems, platform administrators, vulnerability management teams, and security teams should be aware of this issue and plan for potential mitigations or updates.

Technical summary

CVE-2025-70070 is a denial of service vulnerability in Assimp v.6.0.2. The vulnerability is caused by an issue in the FBXMeshGeometry.cpp, MeshGeometry::MeshGeometry(). A remote attacker can exploit this vulnerability to cause a denial of service. This issue has a CVSS score of 6.5 and is classified as MEDIUM severity. Organizations should review their inventory and assess potential impact.

Defensive priority

Medium priority due to CVSS score of 6.5 and potential for denial of service. Recommended actions include reviewing and updating Assimp to the latest version if available, monitoring for any advisories or patches from the vendor, and performing inventory checks to identify affected systems.

Recommended defensive actions

  • Review and update Assimp to the latest version if available
  • Monitor for any advisories or patches from the vendor
  • Perform inventory checks to identify affected systems

Evidence notes

The CVE record was obtained from the official CVE database. The NVD entry is currently Deferred. Evidence is limited to CVE and NVD details. Defenders should verify Assimp v.6.0.2 usage and review vendor advisories for potential patches or mitigations.

Official resources

AI-assisted PatchSiren debrief based on the supplied source corpus. The CVE record was published on 2026-05-04T15:16:03.360Z and has not been modified since then.