CVE-2025-8854

High CVSS 8.4

Overview

Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly through PyBullet's vhacd function.

CWE: CWE-120 Published: 2025-08-11T05:15:27.187

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 8.4 (HIGH)
Detected tags: buffer, rce (tag impact: VERY HIGH)

Recommended actions:

Patch/upgrade immediately (remote code execution).
Reduce exposure (WAF/segmentation), minimize attack surface.

Overview

Recommended tools

Tags