{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-64733", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2025-12-05T13:10:47.212Z", "datePublished": "2026-03-17T18:52:48.001Z", "dateUpdated": "2026-03-18T17:00:11.883Z"}, "containers": {"cna": {"affected": [{"vendor": "Canva", "product": "Affinity", "versions": [{"version": "3.0.1.3808", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE", "cweId": "CWE-125"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-03-18T17:00:11.883Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2300", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2300"}, {"url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62", "name": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"}], "credits": [{"lang": "en", "value": "Discovered by KPC of Cisco Talos."}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2300"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-17T20:11:27.362Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T14:01:54.250177Z", "id": "CVE-2025-64733", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:02:06.012Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2300"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-17T20:11:27.362Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-64733", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-18T14:01:54.250177Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:02:00.616Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by KPC of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Canva", "product": "Affinity", "versions": [{"status": "affected", "version": "3.0.1.3808"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2300", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2300"}, {"url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62", "name": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-03-18T17:00:11.883Z"}}}, "cveMetadata": {"cveId": "CVE-2025-64733", "state": "PUBLISHED", "dateUpdated": "2026-03-18T17:00:11.883Z", "dateReserved": "2025-12-05T13:10:47.212Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2026-03-17T18:52:48.001Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:*", "matchCriteriaId": "4C0FE26D-7256-455B-86B0-D69621C80C02", "versionEndExcluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information."}, {"lang": "es", "value": "Una vulnerabilidad de lectura fuera de l\u00edmites existe en la funcionalidad EMF de Canva Affinity. Al usar un archivo EMF especialmente dise\u00f1ado, un atacante podr\u00eda explotar esta vulnerabilidad para realizar una lectura fuera de l\u00edmites, lo que podr\u00eda llevar a la divulgaci\u00f3n de informaci\u00f3n sensible."}], "id": "CVE-2025-64733", "lastModified": "2026-03-19T12:25:04.240", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-17T19:15:58.757", "references": [{"source": "talos-cna@cisco.com", "tags": ["Exploit", "Third Party Advisory"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2300"}, {"source": "talos-cna@cisco.com", "tags": ["Vendor Advisory"], "url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2300"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.0.1.3808"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Affinity", "source": "cna", "vendor": "Canva"}, "product": "affinity", "vendor": "canva"}], "analysis": {"en": {"generated_at": "2026-03-19T13:22:41.378036+00:00", "value": {"mitigation_remediation": ["Apply any vendor-released security patch for Affinity as soon as it becomes available.", "Disable or restrict processing of EMF files if the functionality is unnecessary; consider blocking the file type in the application settings.", "Configure the operating system or security software to flag or quarantine untrusted EMF files before opening.", "Verify that all files are sourced from trusted origins and monitor for suspicious attachments.", "Keep the operating system and application up to date with the latest security updates."], "summary": {"action": "Patch ASAP", "impact": "Data disclosure"}, "threat_synthesis": {"affected_systems": "Affects Canva's Affinity product running on Windows platforms. No specific product versions are listed in the CVE data, but the CPE identifier cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:* indicates all versions of Affinity on Windows could be impacted.", "description_and_impact": "The vulnerability is an out-of-bounds read that occurs when the Affinity application processes EMF files. An attacker who supplies a specially crafted EMF file can trigger the overflow and read memory that may contain sensitive data, exposing confidential information. The weakness corresponds to CWE-125, indicating an out-of-bounds read that can lead to information disclosure.", "risk_and_exploitability": "The CVSS score of 6.1 classifies the issue as moderate severity, while the EPSS score of less than 1% suggests a low likelihood of exploitation at present. The vulnerability is not listed in the CISA KEV catalog. Although the official attacker\u2019s path is not explicitly described, the description implies that the attack vector requires an attacker to supply a malicious EMF file, which could be delivered via email, web download, or local file import. This inference indicates that the vulnerability is primarily exploitable through local or remote file inclusion when the application allows EMF files from arbitrary sources."}}}}, "created": "2026-03-18T10:43:01.606985+00:00", "title": "Out\u2011of\u2011Bounds Read in Affinity EMF Processing leads to Data Disclosure", "updated": "2026-03-24T10:54:51.211036+00:00", "vendors": ["canva", "canva$PRODUCT$affinity"]}