CVE-2025-11013

low-risk
Published 2025-09-26

A vulnerability was identified in BehaviorTree up to 4.7.0. This vulnerability affects the function XMLParser::PImpl::loadDocImpl of the file /src/xml_parsing.cpp of the component XML Parser. The manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit is publicly available and might be used.

Do I need to act?

-
0.02% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10 Low
LOCAL / LOW complexity

Affected Products (1)

Behaviortree

Affected Vendors

Behaviortree

References (8)

Exploit https://github.com/BehaviorTree/BehaviorTree.CPP/issues/1003
Issue Tracking https://github.com/BehaviorTree/BehaviorTree.CPP/pull/1004
Exploit https://github.com/user-attachments/files/22245915/poc.zip
Permissions Required https://vuldb.com/?ctiid.325956
Third Party Advisory https://vuldb.com/?id.325956
Third Party Advisory https://vuldb.com/?submit.654075
Exploit https://github.com/BehaviorTree/BehaviorTree.CPP/issues/1003
Exploit https://github.com/user-attachments/files/22245915/poc.zip
18
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal