CVE-2025-10998: NULL Pointer Dereference in Open Babel
A vulnerability has been found in Open Babel up to 3.1.1. The affected element is the function ChemKinFormat::ReadReactionQualifierLines of the file /src/formats/chemkinformat.cpp. The manipulation leads to null pointer dereference. The attack can only be performed from a local environment. The exploit has been disclosed to the public and may be used.
AI Analysis
Technical Summary
CVE-2025-10998 is a medium-severity vulnerability identified in Open Babel versions up to 3.1.1, specifically within the function ChemKinFormat::ReadReactionQualifierLines located in the source file /src/formats/chemkinformat.cpp. The vulnerability arises from a null pointer dereference condition triggered by improper handling of reaction qualifier lines in ChemKin format files. When this function processes malformed or unexpected input, it attempts to dereference a null pointer, leading to a crash or denial of service. The vulnerability requires local access to the environment where Open Babel is installed, as the attack vector is limited to local manipulation of input data. No user interaction or elevated privileges beyond local user rights are necessary, and the vulnerability does not affect confidentiality or integrity directly but impacts availability by causing application crashes. The CVSS 4.0 score of 4.8 reflects a medium severity, with low attack complexity but limited scope and impact. Although the exploit has been publicly disclosed, there are no known exploits in the wild at this time. Open Babel is an open-source chemical toolbox widely used for cheminformatics, molecular modeling, and chemical data conversion, often employed in academic, research, and industrial environments for chemical data processing and analysis. The vulnerability could disrupt workflows relying on Open Babel for chemical data parsing and conversion, potentially causing denial of service conditions in local environments where the software is used.
Potential Impact
For European organizations, the impact of CVE-2025-10998 is primarily related to operational disruption rather than data breach or system compromise. Organizations involved in chemical research, pharmaceuticals, materials science, and related industries that utilize Open Babel for chemical data processing may experience application crashes or denial of service when processing malformed ChemKin format files locally. This could delay research activities, data analysis, and automated workflows dependent on Open Babel, impacting productivity and potentially causing financial or reputational harm if critical processes are interrupted. Since exploitation requires local access, the threat is more relevant in environments where multiple users share systems or where untrusted users have local access. The vulnerability does not allow remote code execution or privilege escalation, limiting its impact on broader IT infrastructure. However, in sensitive research environments, even availability disruptions can have significant operational consequences.
Mitigation Recommendations
To mitigate CVE-2025-10998, European organizations should:
1) Upgrade Open Babel to a patched version once one is available; no patch links are provided at the time of writing, but a fix is expected to be released promptly.
2) Restrict local access to systems running Open Babel to trusted users only, minimizing the risk of local exploitation.
3) Implement input validation and sanitization controls on ChemKin format files before processing, for example using external validation tools or scripts to detect malformed files.
4) Monitor application logs and system stability for crashes related to ChemKin file processing, as these may indicate attempted exploitation.
5) Consider sandboxing or containerizing Open Babel processes to isolate crashes and prevent broader system impact.
6) Educate users about the risks of processing untrusted chemical data files locally and enforce strict file handling policies.
These steps go beyond generic advice by focusing on access control, input validation, monitoring, and containment tailored to the local nature of the vulnerability.
Affected Countries
Germany, France, United Kingdom, Switzerland, Netherlands, Belgium, Sweden
Technical Details
- Data Version: 5.1
- Assigner Short Name: VulDB
- Date Reserved: 2025-09-25T18:05:03.590Z
- CVSS Version: 4.0
- State: PUBLISHED
Threat ID: 68d6062c9e21be37e93acc37
Added to database: 9/26/2025, 3:19:08 AM
Last enriched: 9/26/2025, 3:34:56 AM
Last updated: 10/1/2025, 12:09:21 AM
Related Threats
- CVE-2025-56515: n/a (High)
- CVE-2025-56514: n/a (High)
- CVE-2025-40648: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in issabel-pbx module Issabel (Medium)
- CVE-2025-61044: n/a (High)
- CVE-2025-59687: n/a (High)