A weakness has been identified in Open Babel up to 3.1.1. This affects the function GAMESSOutputFormat::ReadMolecule of the file gamessformat.cpp. This manipulation causes use after free. It is possible to launch the attack on the local host. The exploit has been made available to the public and could be exploited.
References
| Link | Resource |
|---|---|
| https://github.com/openbabel/openbabel/issues/2834 | Exploit Issue Tracking |
| https://github.com/user-attachments/files/22318611/poc.zip | Exploit |
| https://vuldb.com/?ctiid.325922 | Permissions Required VDB Entry |
| https://vuldb.com/?id.325922 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.654057 | Third Party Advisory VDB Entry |
Configurations
History
29 Sep 2025, 13:07
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Openbabel open Babel
Openbabel |
|
| References | () https://github.com/openbabel/openbabel/issues/2834 - Exploit, Issue Tracking | |
| References | () https://github.com/user-attachments/files/22318611/poc.zip - Exploit | |
| References | () https://vuldb.com/?ctiid.325922 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.325922 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.654057 - Third Party Advisory, VDB Entry | |
| CPE | cpe:2.3:a:openbabel:open_babel:*:*:*:*:*:*:*:* |
26 Sep 2025, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-09-26 02:15
Updated : 2025-09-29 13:07
NVD link : CVE-2025-10994
Mitre link : CVE-2025-10994
CVE.ORG link : CVE-2025-10994
JSON object : View
Products Affected
openbabel
- open_babel