CVE-2025-57108
Kitware · Kitware VTK Multiple Products
Executive summary
A critical use-after-free vulnerability, identified as CVE-2025-57108, exists in the Kitware Visualization Toolkit (VTK). This flaw can be triggered when an application using the vulnerable library processes a specially crafted GLTF file, potentially allowing an attacker to execute arbitrary code and gain full control of the affected system. Given its critical CVSS score of 9.8, this vulnerability poses a significant risk of system compromise.
Vulnerability
The vulnerability is a heap-based use-after-free condition within the vtkGLTFDocumentLoader component of the Kitware VTK library. It occurs during the copying of mesh objects from a GLTF file. An attacker can exploit this by creating a malicious GLTF file that, when opened by a user in an application leveraging the VTK library, triggers the use of a memory pointer after it has been freed. This memory corruption can be leveraged to crash the application, leading to a denial of service, or to execute arbitrary code with the same privileges as the user running the application.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.8. Successful exploitation could allow a remote attacker to achieve arbitrary code execution, leading to a complete compromise of the affected workstation or server. The potential business impact includes theft of sensitive data, installation of malware such as ransomware, disruption of critical operations that rely on visualization software (e.g., medical imaging, scientific research, engineering design), and loss of system integrity and availability. The ease of exploitation via a malicious file makes this a significant threat to organizations where users may interact with untrusted data sources.
Remediation
Immediate Action:
- Patch: Immediately update all instances of Kitware VTK and any software products that bundle it to a version that remediates this vulnerability, as recommended by the vendor.
- Monitor: Actively monitor for signs of exploitation. Review application and system logs for unexpected crashes or anomalous behavior in applications that process GLTF files.
Proactive Monitoring:
- Implement enhanced monitoring on endpoints running affected software. Look for suspicious processes being spawned by applications that use the VTK library.
- Monitor network traffic for unusual outbound connections from systems after a user opens a GLTF file.
- Configure Endpoint Detection and Response (EDR) solutions to detect memory corruption exploitation techniques.
Compensating Controls:
- If patching is not immediately feasible, implement a policy to block or quarantine GLTF files from untrusted or external sources.
- Run vulnerable applications in a sandboxed or virtualized environment to contain the impact of a potential exploit.
- Ensure user accounts have the minimum necessary privileges to limit an attacker's capabilities post-exploitation.
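As an added example (not from this advisory or from Kitware), a content-based check a defender could use to enforce the quarantine control above: it identifies glTF files by the GLB container magic or by the required top-level JSON "asset" object, rather than by file extension, so a renamed file is still caught. The sample inputs are constructed, and the trusted/untrusted flag is assumed to come from the caller's own source policy.

```python
import json
import struct
from typing import Optional

# GLB container header, per the glTF 2.0 specification: three little-endian
# uint32 fields (magic, version, total length). The magic is ASCII "glTF".
GLB_MAGIC = 0x46546C67
GLB_HEADER = struct.Struct("<III")


def classify_gltf(data: bytes) -> Optional[str]:
    """Identify glTF content by inspecting bytes, not the file extension.

    Returns "glb" for the binary container, "gltf-json" for the JSON form,
    or None when the content is neither.
    """
    if len(data) >= GLB_HEADER.size:
        magic, _version, _length = GLB_HEADER.unpack_from(data, 0)
        if magic == GLB_MAGIC:
            return "glb"
    # JSON glTF documents must carry a top-level "asset" object with "version".
    try:
        doc = json.loads(data.decode("utf-8"))
    except (UnicodeDecodeError, ValueError):
        return None
    asset = doc.get("asset") if isinstance(doc, dict) else None
    if isinstance(asset, dict) and "version" in asset:
        return "gltf-json"
    return None


def quarantine_decision(data: bytes, from_trusted_source: bool) -> str:
    """Apply the compensating control: glTF content from untrusted sources
    is quarantined; everything else is allowed through."""
    kind = classify_gltf(data)
    if kind is None or from_trusted_source:
        return "allow"
    return f"quarantine:{kind}"


# Constructed sample inputs for demonstration (not real files).
SAMPLE_GLB = GLB_HEADER.pack(GLB_MAGIC, 2, GLB_HEADER.size)  # header-only GLB
SAMPLE_GLTF_JSON = b'{"asset": {"version": "2.0"}, "meshes": []}'
SAMPLE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8

if __name__ == "__main__":
    samples = [("model.bin", SAMPLE_GLB), ("scene.txt", SAMPLE_GLTF_JSON), ("image.png", SAMPLE_PNG)]
    for name, blob in samples:
        print(name, quarantine_decision(blob, from_trusted_source=False))
```

The header check is deliberately minimal; a stricter gate could also require GLB version 2 or validate chunk layout before allowing a file through.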
Exploitation status
Public Exploit Available: false
Analyst recommendation
Due to the critical severity (CVSS 9.8) of this vulnerability and its potential for remote code execution, it is imperative that organizations take immediate action. We strongly recommend prioritizing the deployment of vendor-supplied patches across all systems using the affected Kitware VTK library. Although this CVE is not currently in the CISA KEV catalog, its high impact and potential for exploitation warrant urgent attention to prevent a future system compromise. If patching is delayed, implement the compensating controls and proactive monitoring detailed above to reduce the risk.