QwikSec

Security Database

CVE

CWE

Training

CVE-2025-8854

Published: Aug 11, 2025

Modified: Aug 11, 2025

PUBLISHED

Description

Stack-based buffer overflow in LoadOFF in bulletphysics bullet3 before 3.26 on all platforms allows remote attackers to execute arbitrary code via a crafted OFF file with an overlong initial token processed by the VHACD test utility or invoked indirectly through PyBullet's vhacd function.

Vendor	Product	Versions
bulletphysics	bullet3	affected `<= 3.25`

Weaknesses (CWE)

References

https://github.com/bulletphysics/bullet3/blob/master/Extras/VHACD/test/src/main_vhacd.cpp#L472

https://github.com/bulletphysics/bullet3/issues/4732

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.