Back to overview

CVE-2025-57108

CRITICAL Exploitation: PoC
9.8
CVSS 3.1
Description
Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.

Metadata

CVE ID
CVE-2025-57108
State
PUBLISHED
Assigner
mitre
Reserved
2025-08-17 00:00 UTC
Published
2025-10-31 00:00 UTC
Last updated
2025-10-31 19:07 UTC
Primary CWE
CWE-416
CWE-416 Use After Free
Vendor / Product
n/a / n/a
Sources
cve.org  ·  NVD

Severity & Metrics

9.8 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
SSVC — CISA Coordinator
Exploitation
PoC
Automatable
yes
Tech. Impact
total
Affected products (1)
VendorProductPlatformVersions
n/a n/a n/a
Weakness (CWE)
CWESourceDescription
cna n/a
CWE-416 adp CWE-416 Use After Free
CVSS scores (1)
ScoreSeverityVersionSourceVector
9.8 CRITICAL 3.1 adp CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
References (1)
Back to overview