Cyber Resilience

CVE-2025-8854

HighPublic PoC

Published: 11 August 2025

Published
11 August 2025
Modified
08 December 2025
KEV Added
Patch
CVSS Score v4 8.4 CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EPSS Score 0.0216 84.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-8854 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Bulletphysics Pybullet. Its CVSS base score is 8.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 15.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-8854 is a stack-based buffer overflow in the LoadOFF function of bulletphysics bullet3 versions prior to 3.26, affecting all platforms. The flaw occurs when processing a crafted OFF file containing an overlong initial token and is reachable through the VHACD test utility or indirectly via PyBullet's vhacd function. It is tracked under CWE-120 and CWE-787 and carries a CVSS 4.0 score of 8.4.

An unauthenticated attacker can supply a malicious OFF file to trigger the overflow, resulting in arbitrary code execution on the target system. The attack requires local access or user interaction to open the file but needs no privileges.

The project repository and associated issue tracker reference the vulnerable code path in Extras/VHACD/test/src/main_vhacd.cpp and indicate the defect was addressed by the 3.26 release.

EPSS remains low and unchanged at 0.0216 with no observed rise after disclosure.

EU & UK References

Vulnerability details

Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly through…

more

PyBullet's vhacd function.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1203 Exploitation for Client Execution Execution
Adversaries may exploit software vulnerabilities in client applications to execute code.
Why these techniques?

Stack-based buffer overflow in bullet3's LoadOFF function (VHACD utility and PyBullet) enables arbitrary code execution via crafted OFF file, facilitating Exploitation for Client Execution.

CVEs Like This One

CVE-2024-55194Shared CWE-120, CWE-787
CVE-2026-5734Shared CWE-120, CWE-787
CVE-2026-0122Shared CWE-787
CVE-2019-25705Shared CWE-787
CVE-2026-42484Shared CWE-787
CVE-2018-25260Shared CWE-787
CVE-2021-47785Shared CWE-787
CVE-2024-50664Shared CWE-120, CWE-787
CVE-2019-25603Shared CWE-787
CVE-2025-27363Shared CWE-787

Affected Assets

bulletphysics
pybullet
≤ 3.25

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mitigates the vulnerability by requiring identification, reporting, and correction of the buffer overflow flaw through upgrading bullet3 to version 3.26 or later.

prevent

Provides memory protections such as stack canaries, ASLR, and DEP that prevent arbitrary code execution even if the stack-based buffer overflow occurs during OFF file processing.

prevent

Requires validation of information inputs like OFF files to reject crafted files with overlong initial tokens before they reach the vulnerable LoadOFF function.

References