CVE-2025-57106
Severity: 7.5 HIGH (CVSS 3.1); EPSS 0.08%
Description
Kitware VTK (Visualization Toolkit) up to and including 9.5.0 contains a buffer overflow in vtkGLTFDocumentLoader. The defect lies in the BufferDataExtractionWorker template function when it processes GLTF accessor data.
How to fix CVE-2025-57106
To remediate CVE-2025-57106, upgrade the affected package to one of the fixed versions listed below.
- Debian/vtk9: no fix listed
- PyPI/vtk: upgrade to 9.5.1 or later
Is CVE-2025-57106 being exploited?
Low: EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/vtk9: affected from 0 (no fixed version listed)
- PyPI/vtk: affected from 0, < 9.5.1 (fixed in 9.5.1)
CVSS scores
| Source | Version | Severity | Score | Vector |
|---|---|---|---|---|
| osv | CVSS 3.1 | HIGH | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |