CVE-2025-64301

| EUVD-2025-208795 HIGH
2026-03-17 talos
7.8
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

3
EUVD ID Assigned
Mar 17, 2026 - 20:30 euvd
EUVD-2025-208795
Analysis Generated
Mar 17, 2026 - 20:30 vuln.today
CVE Published
Mar 17, 2026 - 18:52 nvd
HIGH 7.8

Tags

RCE Buffer Overflow Memory Corruption Affinity

Description

An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code execution.

Analysis

An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to achieve code execution by crafting malicious EMF (Enhanced Metafile) image files. The vulnerability affects Affinity version 3.0.1.3808 and requires user interaction to open the malicious file, but then grants full system compromise with high impact to confidentiality, integrity, and availability. No evidence of active exploitation or public proof-of-concept exists, and the local attack vector with user interaction requirement reduces immediate risk.

Technical Context

The vulnerability resides in Canva Affinity's EMF (Enhanced Metafile) file format parser, specifically affecting the product identified by CPE cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:*. EMF is a Windows-based vector graphics format commonly used for printing and document embedding. The root cause is CWE-787 (Out-of-bounds Write), a memory corruption class where the application writes data beyond allocated buffer boundaries during EMF file parsing. This type of vulnerability typically occurs when file format parsers fail to properly validate input data sizes or field lengths, allowing attackers to overwrite adjacent memory regions with controlled data.

Affected Products

Canva Affinity version 3.0.1.3808 is confirmed vulnerable according to ENISA EUVD reporting, with the CPE identifier cpe:2.3:a:canva:affinity:*:*:*:*:*:*:*:* indicating potentially broader version impact. The vulnerability was discovered and reported by Talos Intelligence as TALOS-2025-2310. Canva has published security information at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62, though specific version ranges beyond 3.0.1.3808 are not clearly defined in the available intelligence.

Remediation

Update Canva Affinity to the latest version beyond 3.0.1.3808 as recommended in the vendor advisory at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62. Until patching is complete, implement user awareness training to avoid opening EMF files from untrusted sources, consider blocking EMF file types at email gateways and web proxies, and enable application sandboxing or virtualization for high-risk users who must process external graphics files. Full technical details are available in the Talos report at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2310.

Priority Score

39
Low Medium High Critical
KEV: 0
EPSS: +0.0
CVSS: +39
POC: 0

Share

CVE-2025-64301 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy