
CVE-2025-11000: NULL Pointer Dereference in Open Babel

Severity: Medium
Published: Fri Sep 26 2025 (09/26/2025, 03:32:05 UTC)
Source: CVE Database V5
Product: Open Babel

Description

A vulnerability was determined in Open Babel up to 3.1.1. This affects the function PQSFormat::ReadMolecule of the file /src/formats/PQSformat.cpp. This manipulation causes null pointer dereference. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized.

AI-Powered Analysis

Last updated: 09/26/2025, 04:00:59 UTC

Technical Analysis

CVE-2025-11000 is a medium-severity vulnerability in Open Babel versions up to 3.1.1, affecting the function PQSFormat::ReadMolecule in the source file /src/formats/PQSformat.cpp. It is a null pointer dereference triggered by crafted input data processed by this function. When the function reads molecular data in PQS format, improper handling of certain inputs can cause the program to dereference a null pointer, leading to a crash or denial of service.

The attack vector is local: the attacker needs at least low-level privileges on the affected system to execute the exploit. No user interaction or elevated privileges beyond low-level local access are necessary. The impact is limited to availability: the application crash causes a denial of service, and confidentiality and integrity are not affected. The CVSS 4.0 base score is 4.8, reflecting the limited attack vector (local), low complexity, and lack of privilege escalation or user interaction. The exploit has been publicly disclosed, but no known exploits in the wild have been reported to date.

Open Babel is an open-source chemical toolbox widely used for molecular modeling, cheminformatics, and computational chemistry tasks, often integrated into scientific workflows and software pipelines. The affected versions 3.1.0 and 3.1.1 are recent releases, indicating that users running these versions are at risk. The vulnerability is limited to local execution and does not allow remote code execution or privilege escalation, but it could disrupt scientific computations or automated processing pipelines that rely on Open Babel by causing unexpected crashes or denial of service conditions.

Potential Impact

For European organizations, particularly research institutions, pharmaceutical companies, and chemical industry entities that rely on Open Babel for molecular data processing and cheminformatics, this vulnerability could disrupt critical workflows. A local attacker or malicious insider with access to affected systems could trigger application crashes, leading to denial of service conditions that interrupt data analysis, modeling, or automated processing pipelines. While the vulnerability does not allow data exfiltration or system compromise, the interruption of scientific computations could delay research projects, impact data integrity indirectly, and reduce operational efficiency. Organizations with shared computing environments or multi-user systems where Open Babel is installed are at higher risk, as low-privilege users could exploit this flaw to disrupt other users' work. The impact is primarily operational and availability-related rather than confidentiality or integrity. Given the local attack vector, the threat is lower for organizations with strict access controls and limited user privileges but remains relevant for environments with multiple users or less restrictive local access policies.

Mitigation Recommendations

To mitigate this vulnerability, European organizations should:

1) Upgrade Open Babel to a version later than 3.1.1 once a patched release is available, as this is the most effective remediation.
2) Until patching is possible, restrict local access to systems running Open Babel to trusted users only, minimizing the risk of local exploitation.
3) Implement strict user privilege management so that only authorized personnel can execute Open Babel or access molecular data processing environments.
4) Monitor system logs and application behavior for unexpected crashes or denial of service symptoms related to Open Babel processes.
5) Where feasible, isolate Open Babel workloads in containerized or sandboxed environments to limit the impact of crashes and prevent potential lateral movement.
6) Educate users and administrators about the vulnerability and the importance of applying updates promptly.
7) Review and harden local security policies to prevent untrusted users from running arbitrary code or supplying malformed input files that could trigger the vulnerability.
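One way to apply recommendations 4 and 5 in a batch pipeline is to run each conversion in its own child process, so that a crash in the PQS reader ends only that job, is detected from the terminating signal, and the offending input is set aside. This is an added example, not code from the original page or from the Open Babel project; it assumes a POSIX host, the `obabel` command-line tool on the PATH with `pqs` as the input format ID, and the function names and quarantine directory are hypothetical.

```python
import os
import resource  # POSIX only
import shutil
import signal
import subprocess
import sys

def obabel_cmd(src, dst):
    # Assumed invocation: read src as PQS, write an MDL molfile to dst.
    return ["obabel", "-ipqs", src, "-omol", "-O", dst]

def _no_core_dumps():
    # Runs in the child before exec: a crashing converter leaves no core file.
    resource.setrlimit(resource.RLIMIT_CORE, (0, 0))

def run_isolated(cmd, timeout=30):
    """Run one conversion in its own process and classify how it ended."""
    try:
        proc = subprocess.run(cmd, stdin=subprocess.DEVNULL, capture_output=True,
                              timeout=timeout, preexec_fn=_no_core_dumps)
    except subprocess.TimeoutExpired:
        return ("timeout", f"{timeout}s")
    except OSError as exc:  # binary missing or not executable
        return ("error", exc.strerror or str(exc))
    if proc.returncode < 0:  # POSIX: negative return code means killed by a signal
        try:
            return ("crashed", signal.Signals(-proc.returncode).name)
        except ValueError:
            return ("crashed", f"signal {-proc.returncode}")
    return ("ok", "") if proc.returncode == 0 else ("failed", f"exit {proc.returncode}")

def process_batch(paths, quarantine_dir, make_cmd=obabel_cmd):
    """Convert each file; quarantine inputs that crash or hang the converter."""
    results = {}
    for src in paths:
        status = run_isolated(make_cmd(src, src + ".mol"))
        if status[0] in ("crashed", "timeout"):
            os.makedirs(quarantine_dir, exist_ok=True)
            shutil.move(src, os.path.join(quarantine_dir, os.path.basename(src)))
            print(f"ALERT converter {status[0]} ({status[1]}) on {src}", file=sys.stderr)
        results[src] = status
    return results

if __name__ == "__main__":
    # Paths given on the command line are converted one process per file.
    for path, status in process_batch(sys.argv[1:], "quarantine").items():
        print(path, *status)
```

A `crashed` result with `SIGSEGV` is the symptom to alert on for this CVE; the quarantined file can then be reviewed by someone other than the submitting user.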


Technical Details

Data Version: 5.1
Assigner Short Name: VulDB
Date Reserved: 2025-09-25T18:05:09.482Z
CVSS Version: 4.0
State: PUBLISHED

Threat ID: 68d60d329e21be37e93b470d

Added to database: 9/26/2025, 3:49:06 AM

Last enriched: 9/26/2025, 4:00:59 AM

Last updated: 9/26/2025, 4:16:23 AM
