CVE-2025-11017

low-risk
Published 2025-09-26

A vulnerability was detected in OGRECave Ogre up to 14.4.1. The impacted element is the function Ogre::LogManager::stream of the file /ogre/OgreMain/src/OgreLogManager.cpp. Performing manipulation of the argument mDefaultLog results in null pointer dereference. The attack must be initiated from a local position. The exploit is now public and may be used.

Do I need to act?

-
0.03% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
3
CVSS 3.3/10 Low
LOCAL / LOW complexity

Affected Products (1)

Ogre

Affected Vendors

Ogre3D

References (6)

Exploit https://github.com/OGRECave/ogre/issues/3447
Exploit https://github.com/user-attachments/files/22335685/poc.zip
Permissions Required https://vuldb.com/?ctiid.325960
Third Party Advisory https://vuldb.com/?id.325960
Third Party Advisory https://vuldb.com/?submit.654456
Exploit https://github.com/OGRECave/ogre/issues/3447
18
/ 100
low-risk
Severity 13/34 · Low
Exploitability 0/34 · Minimal
Exposure 5/34 · Minimal