{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-66342", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2025-12-05T12:07:22.387Z", "datePublished": "2026-03-17T18:52:52.871Z", "dateUpdated": "2026-03-18T17:00:08.764Z"}, "containers": {"cna": {"affected": [{"vendor": "Canva", "product": "Affinity", "versions": [{"version": "3.0.1.3808", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')", "type": "CWE", "cweId": "CWE-843"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-03-18T17:00:08.764Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2297", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2297"}, {"url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62", "name": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"}], "credits": [{"lang": "en", "value": "Discovered by KPC of Cisco Talos."}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T19:58:21.370395Z", "id": "CVE-2025-66342", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T19:58:50.641Z"}}, {"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2297"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-17T20:11:34.299Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2297"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-17T20:11:34.299Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-66342", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-17T19:58:21.370395Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T19:58:35.884Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by KPC of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.8, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Canva", "product": "Affinity", "versions": [{"status": "affected", "version": "3.0.1.3808"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2297", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2297"}, {"url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62", "name": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"}], "descriptions": [{"lang": "en", "value": "A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-843", "description": "CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-03-18T17:00:08.764Z"}}}, "cveMetadata": {"cveId": "CVE-2025-66342", "state": "PUBLISHED", "dateUpdated": "2026-03-18T17:00:08.764Z", "dateReserved": "2025-12-05T12:07:22.387Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2026-03-17T18:52:52.871Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:*", "matchCriteriaId": "4C0FE26D-7256-455B-86B0-D69621C80C02", "versionEndExcluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution."}, {"lang": "es", "value": "Una vulnerabilidad de confusi\u00f3n de tipos existe en la funcionalidad EMF de Canva Affinity. Un archivo EMF especialmente dise\u00f1ado puede desencadenar esta vulnerabilidad, lo que puede llevar a corrupci\u00f3n de memoria y resultar en ejecuci\u00f3n de c\u00f3digo arbitrario."}], "id": "CVE-2025-66342", "lastModified": "2026-03-19T12:11:04.160", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "talos-cna@cisco.com", "type": "Secondary"}]}, "published": "2026-03-17T19:15:59.750", "references": [{"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory", "Exploit"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2297"}, {"source": "talos-cna@cisco.com", "tags": ["Vendor Advisory"], "url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2297"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-843"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.0.1.3808"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Affinity", "source": "cna", "vendor": "Canva"}, "product": "affinity", "vendor": "canva"}], "analysis": {"en": {"generated_at": "2026-03-19T13:21:48.005327+00:00", "value": {"mitigation_remediation": ["Check Canva Affinity for available updates or patches on the vendor\u2019s website.", "Disable or restrict processing of EMF files if the functionality is not required in your environment.", "Implement file integrity controls or content-disposition checks to prevent open of untrusted EMF files.", "Monitor for potential exploitation attempts by inspecting system logs for anomalous code execution patterns."], "summary": {"action": "Assess Impact", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is Canva Affinity, running on Windows platforms as indicated by the CPE string. Specific version information is not supplied by the CVE data, so all installations of Canva Affinity may be vulnerable until an update is deployed.", "description_and_impact": "A type confusion flaw has been identified in the EMF processing routine of Canva Affinity. When the application parses a specially crafted EMF file, the mismatch in expected data types can cause memory corruption, enabling an attacker to execute arbitrary code on the affected system. The vulnerability is rooted in CWE-843, which denotes Data Type Confusion, and the vendor\u2019s description confirms that the result can lead to code execution.", "risk_and_exploitability": "The CVSS score is 7.8, indicating high severity. The EPSS score is less than 1%, suggesting a low probability of exploitation in the wild, and the vulnerability is not currently listed in CISA\u2019s KEV catalog. Based on the nature of the flaw and the fact that it requires a crafted EMF file, the likely attack vector is local: the attacker would need to deliver or trick the victim into opening the malicious file. If the file is processed remotely by a web component, a remote vector could also be possible, but this is inferred rather than stated in the input."}}}}, "created": "2026-03-18T10:42:59.020432+00:00", "title": "Memory Corruption via Type Confusion in Canva Affinity EMF Processor Leading to Arbitrary Code Execution", "updated": "2026-03-24T10:54:48.445839+00:00", "vendors": ["canva", "canva$PRODUCT$affinity"]}