Which versions of Openexr are affected by EUVD-2025-50828?

CVE-2025-64181 is a low-severity vulnerability in versions 3.3.0 (CVSS 2.0). The limited severity suggests constrained impact, typically requiring specific conditions or local access for…. A patch is available.

Is there a public PoC exploit available for EUVD-2025-50828?

Yes, a public proof-of-concept exploit is available for EUVD-2025-50828. Prioritise patching immediately. EPSS: 0.1%.

How to fix or mitigate EUVD-2025-50828?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Openexr EUVD-2025-50828

Q: What is the CVSS score of EUVD-2025-50828?

EUVD-2025-50828 has a CVSS 4.0 base score of 2.0 (Low). CVSS vector: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. EPSS exploitation probability: 0.1%.

| CVE-2025-64181 LOW

Use of Uninitialized Variable (CWE-457)

2025-11-10 security-advisories@github.com

GHSA-3h9h-qfvw-98hq

Denial Of Service Openexr

2.0

CVSS 4.0 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY

2.0 LOW

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Lifecycle Timeline

Patch released

Apr 06, 2026 - 20:30 nvd

Patch available

EUVD ID Assigned

Mar 28, 2026 - 19:21 euvd

EUVD-2025-50828

Analysis Generated

Mar 28, 2026 - 19:21 vuln.today

PoC Detected

Dec 08, 2025 - 15:59 vuln.today

Public exploit code

CVE Published

Nov 10, 2025 - 22:15 nvd

LOW 2.0

DescriptionGitHub Advisory

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexr_exrcheck_fuzzer, Valgrind reports a conditional branch depending on uninitialized data inside generic_unpack. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue.

AnalysisAI

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. Rated low severity (CVSS 2.0), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-457. OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.5 and 3.4.0 through 3.4.2, while fuzzing openexr_exrcheck_fuzzer, Valgrind reports a conditional branch depending on uninitialized data inside generic_unpack. This indicates a use of uninitialized memory. The issue can result in undefined behavior and/or a potential crash/denial of service. Versions 3.3.6 and 3.4.3 fix the issue. Affected products include: Openexr. Version information: through 3.3.5.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

EUVD-2025-50828 vulnerability details – vuln.today

Back