A vulnerability was found in BehaviorTree up to 4.7.0. It affects the function JsonExporter::fromJson in the file /src/json_export.cpp. Manipulating the argument Source leads to a null pointer dereference. The attack requires local access. The exploit has been made public and may be used. The patch is identified as 4b23dcaf0ce951a31299ebdd61df69f9ce99a76d. Applying the patch is recommended to address this issue.
References
Link | Resource |
---|---|
https://github.com/BehaviorTree/BehaviorTree.CPP/commit/4b23dcaf0ce951a31299ebdd61df69f9ce99a76d | Patch |
https://github.com/BehaviorTree/BehaviorTree.CPP/issues/1008 | Exploit Issue Tracking Third Party Advisory |
https://github.com/BehaviorTree/BehaviorTree.CPP/pull/1009 | Issue Tracking |
https://github.com/user-attachments/files/22270928/poc.zip | Exploit |
https://vuldb.com/?ctiid.325954 | Permissions Required VDB Entry |
https://vuldb.com/?id.325954 | Third Party Advisory VDB Entry |
https://vuldb.com/?submit.654073 | Third Party Advisory VDB Entry |
History
16 Oct 2025, 15:53
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:behaviortree:behaviortree:*:*:*:*:*:*:*:* | |
First Time | Behaviortree, Behaviortree behaviortree | |
References | () https://github.com/BehaviorTree/BehaviorTree.CPP/commit/4b23dcaf0ce951a31299ebdd61df69f9ce99a76d - Patch | |
References | () https://github.com/BehaviorTree/BehaviorTree.CPP/issues/1008 - Exploit, Issue Tracking, Third Party Advisory | |
References | () https://github.com/BehaviorTree/BehaviorTree.CPP/pull/1009 - Issue Tracking | |
References | () https://github.com/user-attachments/files/22270928/poc.zip - Exploit | |
References | () https://vuldb.com/?ctiid.325954 - Permissions Required, VDB Entry | |
References | () https://vuldb.com/?id.325954 - Third Party Advisory, VDB Entry | |
References | () https://vuldb.com/?submit.654073 - Third Party Advisory, VDB Entry |
26 Sep 2025, 12:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2025-09-26 12:15
Updated : 2025-10-16 15:53
NVD link : CVE-2025-11011
Mitre link : CVE-2025-11011
CVE.ORG link : CVE-2025-11011
Products Affected
behaviortree
- behaviortree