{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-61952", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2025-12-10T12:59:15.292Z", "datePublished": "2026-03-17T18:52:34.072Z", "dateUpdated": "2026-03-18T17:00:21.023Z"}, "containers": {"cna": {"affected": [{"vendor": "Canva", "product": "Affinity", "versions": [{"version": "3.0.1.3808", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE", "cweId": "CWE-125"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-03-18T17:00:21.023Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2317", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2317"}, {"url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62", "name": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"}], "credits": [{"lang": "en", "value": "Discovered by KPC of Cisco Talos."}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2317"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-17T20:11:22.054Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T13:43:33.793608Z", "id": "CVE-2025-61952", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T13:44:19.717Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2317"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-17T20:11:22.054Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-61952", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-18T13:43:33.793608Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T13:43:41.030Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by KPC of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Canva", "product": "Affinity", "versions": [{"status": "affected", "version": "3.0.1.3808"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2317", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2317"}, {"url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62", "name": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-03-18T17:00:21.023Z"}}}, "cveMetadata": {"cveId": "CVE-2025-61952", "state": "PUBLISHED", "dateUpdated": "2026-03-18T17:00:21.023Z", "dateReserved": "2025-12-10T12:59:15.292Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2026-03-17T18:52:34.072Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:*", "matchCriteriaId": "4C0FE26D-7256-455B-86B0-D69621C80C02", "versionEndExcluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information."}, {"lang": "es", "value": "Una vulnerabilidad de lectura fuera de l\u00edmites existe en la funcionalidad EMF de Canva Affinity. Al usar un archivo EMF especialmente dise\u00f1ado, un atacante podr\u00eda explotar esta vulnerabilidad para realizar una lectura fuera de l\u00edmites, lo que podr\u00eda llevar a la divulgaci\u00f3n de informaci\u00f3n sensible."}], "id": "CVE-2025-61952", "lastModified": "2026-03-19T12:22:55.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-17T19:15:57.927", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2317"}, {"source": "talos-cna@cisco.com", "tags": ["Vendor Advisory"], "url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2317"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.0.1.3808"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Affinity", "source": "cna", "vendor": "Canva"}, "product": "affinity", "vendor": "canva"}], "analysis": {"en": {"generated_at": "2026-03-19T13:52:13.225259+00:00", "value": {"mitigation_remediation": ["Apply the latest security update for Canva Affinity from the vendor\u2019s official channel.", "If a patch is not yet available, restrict or disable the opening of EMF files from untrusted sources in the application settings.", "Run the application with the principle of least privilege to limit potential data disclosure."], "summary": {"action": "Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "The impacted software is Canva Affinity, with no specific affected version listed by the CNA. The issue is present for all Windows deployments of the product that include the default EMF functionality, as indicated by the CPE string. Users running any release that has not been updated against this vulnerability are potentially affected.", "description_and_impact": "Key detail from CVE description: an out\u2011of\u2011bounds read vulnerability exists in the Enhanced Metafile (EMF) processing component of Canva Affinity. By supplying a specially crafted EMF file, an attacker can cause the application to read memory beyond the intended bounds, potentially exposing sensitive data stored in that memory. The weakness is identified as CWE\u2011125 (Out\u2011Of\u2011Bounds Read).", "risk_and_exploitability": "The CVSS base score of 6.1 classifies the vulnerability as moderate severity. The EPSS score of less than 1% implies a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Based on the description, it is inferred that the attacker must supply a malicious EMF file \u2013 which could be introduced locally (e.g., via a file opened by a user) or remotely if EMF files are distributed through shared media or email attachments. The limited exploitability suggests that further defensive controls may mitigate the threat. "}}}}, "created": "2026-03-18T12:12:52.328433+00:00", "title": "Out\u2011of\u2011Bounds Read in Canva Affinity EMF Functionality Leading to Information Disclosure", "updated": "2026-03-24T10:54:59.177651+00:00", "vendors": ["canva", "canva$PRODUCT$affinity"]}