SecuriTricks - CVE-2025-52937

Description

Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C. This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE).

Product(s) Impacted

Vendor	Product	Versions
Pointcloudlibrary	Pcl	<1.14.0

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-494

Download of Code Without Integrity Check

The product downloads source code or an executable from a remote location and executes the code without sufficiently verifying the origin and integrity of the code.

*CPE(s)

Affected systems and software identified for this CVE.

Type	Vendor	Product	Version	Update	Edition	Language	Software Edition	Target Software	Target Hardware	Other Information
a	pointcloudlibrary	pcl	<1.14.0	/	/	/	/	/	/	/

References

https://github.com/PointCloudLibrary/pcl/commit/2f9dc390c6769fbd821fafa0e16f4707ed7c5d79

https://github.com/PointCloudLibrary/pcl/pull/6275

CVSS Score

2.0 / 10

CVSS Data - 4.0

Attack Vector: LOCAL
Attack Complexity: HIGH
Attack Requirements: PRESENT
Privileges Required: LOW
User Interaction: NONE
Scope:
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: LOW
Exploit Maturity: NOT_DEFINED

CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:M/U:Green

View Vector String

Timeline

Published: June 23, 2025, 10:15 a.m.
Last Modified: June 23, 2025, 8:16 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

cve_disclosure@tech.gov.sg

CVE-2025-52937