Unrated severityNVD Advisory· Published Aug 11, 2025· Updated Aug 11, 2025

bullet3 VHACD utility: stack-based buffer overflow in OFF parser (LoadOFF)

CVE-2025-8854

Description

Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly through PyBullet's vhacd function.

Affected products

Bulletphysics/Bullet3v5
Range: <= 3.25

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/bulletphysics/bullet3/blob/master/Extras/VHACD/test/src/main_vhacd.cppmitre
github.com/bulletphysics/bullet3/issues/4732mitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000