{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-52937", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "state": "PUBLISHED", "assignerShortName": "GovTech CSG", "dateReserved": "2025-06-23T09:24:36.336Z", "datePublished": "2025-06-23T09:26:12.727Z", "dateUpdated": "2025-06-23T13:26:46.248Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "modules": ["surface/src/3rdparty/opennurbs"], "product": "pcl", "programFiles": ["crc32.c"], "repo": "https://github.com/PointCloudLibrary/pcl", "vendor": "PointCloudLibrary", "versions": [{"lessThan": "1.14.0", "status": "affected", "version": "0", "versionType": "git"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules).<p> This vulnerability is associated with program files <tt>crc32.C</tt>.</p>This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE)."}], "value": "Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C.\n\nThis vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE)."}], "metrics": [{"cvssV4_0": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NEGLIGIBLE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "baseScore": 2, "baseSeverity": "LOW", "privilegesRequired": "LOW", "providerUrgency": "GREEN", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:N/R:A/V:D/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2025-06-23T09:26:12.727Z"}, "references": [{"tags": ["patch", "third-party-advisory"], "url": "https://github.com/PointCloudLibrary/pcl/pull/6275"}, {"tags": ["patch"], "url": "https://github.com/PointCloudLibrary/pcl/commit/2f9dc390c6769fbd821fafa0e16f4707ed7c5d79"}], "source": {"discovery": "UNKNOWN"}, "title": "Vulnerability in PointCloudLibrary PCL", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-494", "lang": "en", "description": "CWE-494 Download of Code Without Integrity Check"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-06-23T13:26:43.507468Z", "id": "CVE-2025-52937", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T13:26:46.248Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52937", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-06-23T13:26:43.507468Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-494", "description": "CWE-494 Download of Code Without Integrity Check"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-06-23T13:26:39.343Z"}}], "cna": {"title": "Vulnerability in PointCloudLibrary PCL", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "reporter", "value": "TITAN Team (titancaproject@gmail.com)"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NEGLIGIBLE", "version": "4.0", "Recovery": "AUTOMATIC", "baseScore": 2, "Automatable": "NO", "attackVector": "LOCAL", "baseSeverity": "LOW", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/S:N/AU:N/R:A/V:D/RE:M/U:Green", "providerUrgency": "GREEN", "userInteraction": "NONE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "privilegesRequired": "LOW", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "LOW", "subAvailabilityImpact": "LOW", "vulnAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"repo": "https://github.com/PointCloudLibrary/pcl", "vendor": "PointCloudLibrary", "modules": ["surface/src/3rdparty/opennurbs"], "product": "pcl", "versions": [{"status": "affected", "version": "0", "lessThan": "1.14.0", "versionType": "git"}], "programFiles": ["crc32.c"], "defaultStatus": "unaffected"}], "references": [{"url": "https://github.com/PointCloudLibrary/pcl/pull/6275", "tags": ["patch", "third-party-advisory"]}, {"url": "https://github.com/PointCloudLibrary/pcl/commit/2f9dc390c6769fbd821fafa0e16f4707ed7c5d79", "tags": ["patch"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C.\n\nThis vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE).", "supportingMedia": [{"type": "text/html", "value": "Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules).<p> This vulnerability is associated with program files <tt>crc32.C</tt>.</p>This vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE).", "base64": false}]}], "providerMetadata": {"orgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "shortName": "GovTech CSG", "dateUpdated": "2025-06-23T09:26:12.727Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52937", "state": "PUBLISHED", "dateUpdated": "2025-06-23T13:26:46.248Z", "dateReserved": "2025-06-23T09:24:36.336Z", "assignerOrgId": "1a37b84a-8e51-4525-b3d6-87e2fae01dbd", "datePublished": "2025-06-23T09:26:12.727Z", "assignerShortName": "GovTech CSG"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Vulnerability in PointCloudLibrary PCL (surface/src/3rdparty/opennurbs modules). This vulnerability is associated with program files crc32.C.\n\nThis vulnerability is only relevant if the PCL version is older than 1.14.0 or the user specifically requests to not use the system zlib (WITH_SYSTEM_ZLIB=FALSE)."}], "id": "CVE-2025-52937", "lastModified": "2025-06-23T20:16:21.633", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NO", "Recovery": "AUTOMATIC", "Safety": "NEGLIGIBLE", "attackComplexity": "HIGH", "attackRequirements": "PRESENT", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 2.0, "baseSeverity": "LOW", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "GREEN", "subAvailabilityImpact": "LOW", "subConfidentialityImpact": "LOW", "subIntegrityImpact": "LOW", "userInteraction": "NONE", "valueDensity": "DIFFUSE", "vectorString": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:A/V:D/RE:M/U:Green", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "LOW", "vulnIntegrityImpact": "LOW", "vulnerabilityResponseEffort": "MODERATE"}, "source": "cve_disclosure@tech.gov.sg", "type": "Secondary"}]}, "published": "2025-06-23T10:15:27.717", "references": [{"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/PointCloudLibrary/pcl/commit/2f9dc390c6769fbd821fafa0e16f4707ed7c5d79"}, {"source": "cve_disclosure@tech.gov.sg", "url": "https://github.com/PointCloudLibrary/pcl/pull/6275"}], "sourceIdentifier": "cve_disclosure@tech.gov.sg", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-494"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"created": "2025-06-27T14:10:57.469242+00:00", "updated": "2025-06-27T14:10:57.469293+00:00", "vendors": ["point_cloud_library", "point_cloud_library$PRODUCT$pcl"]}