CVE-2025-57108 · CRITICAL 9.8 · EPSS p23.8%

Description

Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap use-after-free vulnerability in vtkGLTFDocumentLoader. The vulnerability manifests during mesh object copy operations where vector members are accessed after the underlying memory has been freed, specifically when handling GLTF files with corrupted or invalid mesh reference structures.

Scoring

CVSS 3.1: 9.8 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.32% probability of exploitation · percentile 23.8% · 2026-06-18T12:00:27Z
Published: 2025-10-31
Last modified: 2025-11-05

Underlying weaknesses · 1

CWE-416

References

  1. https://gitlab.kitware.com/vtk/vtk/-/issues/19736

Type | Target | Confidence | Tier
Weakness | Use After Free cwe-416 | 0% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  1. CVE-2025-58411
  2. CVE-2026-32845
  3. CVE-2025-44904
  4. CVE-2026-52757
  5. CVE-2025-55157
  6. CVE-2026-10200

Sourced from NVD + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.