Low severity3.3NVD Advisory· Published Sep 26, 2025· Updated Apr 29, 2026

CVE-2025-11011

Description

A vulnerability was found in BehaviorTree up to 4.7.0. Affected by this issue is the function JsonExporter::fromJson of the file /src/json_export.cpp. Performing manipulation of the argument Source results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. The patch is named 4b23dcaf0ce951a31299ebdd61df69f9ce99a76d. It is suggested to install a patch to address this issue.

Affected products

Behaviortree/Behaviortree
cpe:2.3:a:behaviortree:behaviortree:*:*:*:*:*:*:*:*
Range: <4.7.3

Patches

9b3e791f8c09

https://github.com/behaviortree/behaviortree.cppvia osv

4b23dcaf0ce9

https://github.com/behaviortree/behaviortree.cppvia osv

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/BehaviorTree/BehaviorTree.CPP/commit/4b23dcaf0ce951a31299ebdd61df69f9ce99a76dnvdPatch
github.com/BehaviorTree/BehaviorTree.CPP/issues/1008nvdExploitIssue TrackingThird Party Advisory
vuldb.comnvdThird Party AdvisoryVDB Entry
vuldb.comnvdThird Party AdvisoryVDB Entry
github.com/BehaviorTree/BehaviorTree.CPP/pull/1009nvdIssue Tracking
vuldb.comnvdPermissions RequiredVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.214
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000