CVE-2025-10997: Heap-based Buffer Overflow in Open Babel
A flaw has been found in Open Babel up to 3.1.1. It affects the function ChemKinFormat::CheckSpecies in the file /src/formats/chemkinformat.cpp. Manipulation of its input can lead to a heap-based buffer overflow. The attack can only be executed locally. The exploit has been published and may be used.
AI Analysis
Technical Summary
CVE-2025-10997 is a heap-based buffer overflow in Open Babel versions up to 3.1.1, located in the ChemKinFormat::CheckSpecies function of the /src/formats/chemkinformat.cpp source file. Open Babel is an open-source chemical toolbox widely used for converting, analyzing, and manipulating chemical data formats. The vulnerability arises when CheckSpecies improperly handles input data: data written to a heap-allocated buffer exceeds the buffer's boundary and can overwrite adjacent memory. Such memory corruption can be exploited to execute arbitrary code, cause application crashes, or escalate privileges.
The attack vector is local, meaning an attacker must have local access with at least low-level privileges (PR:L) to trigger the vulnerability. No user interaction is required once local access is obtained, and exploitation complexity is low given that access. The CVSS 4.0 base score is 4.8, indicating medium severity; this reflects the limited attack surface of a local-only flaw with no remote exploitation capability, and the vulnerability does not affect confidentiality, integrity, or availability to a high degree. Although an exploit has been published, there are no known widespread exploits in the wild at this time.
No patches were available at the time of publication, so users should apply mitigations, and updates once they are released. Overall, this vulnerability poses a moderate risk, primarily to environments where Open Babel is used locally by multiple users or on shared systems where local privilege escalation could be leveraged.
Potential Impact
For European organizations, the impact of CVE-2025-10997 depends largely on the deployment context of Open Babel. Organizations involved in chemical research, pharmaceuticals, academia, and industries relying on chemical data processing are the primary users of Open Babel. Successful exploitation could allow a local attacker to execute arbitrary code or cause denial of service on systems processing chemical data, potentially disrupting research workflows or data integrity. Although the vulnerability requires local access, in multi-user or shared environments it could facilitate privilege escalation or lateral movement. The medium severity score reflects that the threat is not critical for remote attackers but can be significant in environments with less stringent local access controls. European research institutions and companies with collaborative environments where multiple users have access to computational chemistry tools may face increased risk. The current absence of known exploits in the wild reduces the immediate threat but does not eliminate the risk of targeted attacks. The impact on confidentiality is limited unless combined with other vulnerabilities, but the integrity and availability of chemical data processing could be compromised. Organizations should consider the sensitivity of their chemical data and the criticality of affected systems when assessing risk.
Mitigation Recommendations
1. Restrict local access: Limit user permissions and access to systems running Open Babel to trusted personnel only.
2. Monitor and audit local user activities on systems processing chemical data to detect suspicious behavior.
3. Apply the principle of least privilege to users and processes interacting with Open Babel to minimize potential exploitation impact.
4. Segregate environments: Use isolated or containerized environments for chemical data processing to contain potential exploitation effects.
5. Keep Open Babel updated: Monitor for official patches or updates addressing CVE-2025-10997 and apply them promptly once available.
6. Employ application whitelisting and runtime protections to prevent unauthorized code execution.
7. Conduct regular security assessments and code reviews for custom integrations involving Open Babel to identify and remediate similar vulnerabilities.
8. Educate users about the risks of executing untrusted code or data locally, especially in research or shared computing environments.
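To support the update-tracking recommendation, the following added example (not part of the original advisory or of Open Babel) classifies a version banner, such as the one printed by `obabel -V`, against the affected range "up to 3.1.1". The function names and return-code convention are assumptions made for this example.

```shell
#!/bin/sh
# Added example: compare an Open Babel version banner with the affected
# range stated in the advisory (up to and including 3.1.1).
# obabel_affected returns: 0 = affected, 1 = newer than 3.1.1, 2 = unparseable.
LAST_AFFECTED="3.1.1"

# Print the first dotted version number found in a banner line (e.g. 3.1.1).
extract_version() {
    printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\(\.[0-9][0-9]*\)*\).*/\1/p' | head -n 1
}

# Succeed if version $1 <= version $2, comparing components numerically.
# Missing components count as 0, so "3.1" is treated as "3.1.0".
version_le() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=""; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=""; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 0
}

obabel_affected() {
    v=$(extract_version "$1")
    [ -n "$v" ] || return 2          # no version found: report as unknown
    version_le "$v" "$LAST_AFFECTED"
}

# Check the locally installed binary, if there is one.
if command -v obabel >/dev/null 2>&1; then
    banner=$(obabel -V 2>/dev/null | head -n 1)
    rc=0; obabel_affected "$banner" || rc=$?
    case $rc in
        0) echo "in affected range for CVE-2025-10997: $banner" ;;
        1) echo "newer than $LAST_AFFECTED: $banner" ;;
        *) echo "could not parse version: $banner" ;;
    esac
fi
```

A version string cannot reveal a fix backported by a distribution, so an "affected" result is a prompt to check the package changelog rather than proof of exposure.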
Affected Countries
Germany, France, United Kingdom, Switzerland, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-25T18:05:00.688Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68d5ff229e21be37e93a76a1
Added to database: 9/26/2025, 2:49:06 AM
Last enriched: 9/26/2025, 3:04:10 AM
Last updated: 9/26/2025, 3:04:10 AM