A security vulnerability has been detected in Open Babel up to 3.1.1. This vulnerability affects the function zlib_stream::basic_unzip_streambuf::underflow in the library /src/zipstreamimpl.h. Such manipulation leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed publicly and may be used.
References
| Link | Resource |
|---|---|
| https://github.com/openbabel/openbabel/issues/2832 | Exploit Issue Tracking |
| https://github.com/user-attachments/files/22318572/poc.zip | Exploit |
| https://vuldb.com/?ctiid.325923 | Permissions Required VDB Entry |
| https://vuldb.com/?id.325923 | Third Party Advisory VDB Entry |
| https://vuldb.com/?submit.654059 | Third Party Advisory VDB Entry |
Configurations
History
29 Sep 2025, 13:07
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/openbabel/openbabel/issues/2832 - Exploit, Issue Tracking | |
| References | () https://github.com/user-attachments/files/22318572/poc.zip - Exploit | |
| References | () https://vuldb.com/?ctiid.325923 - Permissions Required, VDB Entry | |
| References | () https://vuldb.com/?id.325923 - Third Party Advisory, VDB Entry | |
| References | () https://vuldb.com/?submit.654059 - Third Party Advisory, VDB Entry | |
| First Time |
Openbabel open Babel
Openbabel |
|
| CPE | cpe:2.3:a:openbabel:open_babel:*:*:*:*:*:*:*:* |
26 Sep 2025, 02:15
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2025-09-26 02:15
Updated : 2025-09-29 13:07
NVD link : CVE-2025-10995
Mitre link : CVE-2025-10995
CVE.ORG link : CVE-2025-10995
JSON object : View
Products Affected
openbabel
- open_babel
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer