{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-66617", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "state": "PUBLISHED", "assignerShortName": "talos", "dateReserved": "2025-12-10T12:56:27.297Z", "datePublished": "2026-03-17T18:52:36.982Z", "dateUpdated": "2026-03-18T17:00:19.140Z"}, "containers": {"cna": {"affected": [{"vendor": "Canva", "product": "Affinity", "versions": [{"version": "3.0.1.3808", "status": "affected"}]}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-125: Out-of-bounds Read", "type": "CWE", "cweId": "CWE-125"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM"}}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-03-18T17:00:19.140Z"}, "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2315", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2315"}, {"url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62", "name": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"}], "credits": [{"lang": "en", "value": "Discovered by KPC of Cisco Talos."}]}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2315"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-17T20:11:36.443Z"}}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T13:47:01.626048Z", "id": "CVE-2025-66617", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T13:47:14.335Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2315"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-17T20:11:36.443Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-66617", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-18T13:47:01.626048Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T13:47:09.922Z"}}], "cna": {"credits": [{"lang": "en", "value": "Discovered by KPC of Cisco Talos."}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.1, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Canva", "product": "Affinity", "versions": [{"status": "affected", "version": "3.0.1.3808"}]}], "references": [{"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2315", "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2315"}, {"url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62", "name": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"}], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-125", "description": "CWE-125: Out-of-bounds Read"}]}], "providerMetadata": {"orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "shortName": "talos", "dateUpdated": "2026-03-18T17:00:19.140Z"}}}, "cveMetadata": {"cveId": "CVE-2025-66617", "state": "PUBLISHED", "dateUpdated": "2026-03-18T17:00:19.140Z", "dateReserved": "2025-12-10T12:56:27.297Z", "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b", "datePublished": "2026-03-17T18:52:36.982Z", "assignerShortName": "talos"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:*", "matchCriteriaId": "4C0FE26D-7256-455B-86B0-D69621C80C02", "versionEndExcluding": "3.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information."}, {"lang": "es", "value": "Existe una vulnerabilidad de lectura fuera de l\u00edmites en la funcionalidad EMF de Canva Affinity. Al usar un archivo EMF especialmente dise\u00f1ado, un atacante podr\u00eda explotar esta vulnerabilidad para realizar una lectura fuera de l\u00edmites, lo que podr\u00eda llevar a la divulgaci\u00f3n de informaci\u00f3n sensible."}], "id": "CVE-2025-66617", "lastModified": "2026-03-19T12:11:35.373", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.2, "source": "talos-cna@cisco.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-17T19:16:00.097", "references": [{"source": "talos-cna@cisco.com", "tags": ["Third Party Advisory", "Exploit"], "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2025-2315"}, {"source": "talos-cna@cisco.com", "tags": ["Vendor Advisory"], "url": "https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "Exploit"], "url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2315"}], "sourceIdentifier": "talos-cna@cisco.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-125"}], "source": "talos-cna@cisco.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "3.0.1.3808"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Affinity", "source": "cna", "vendor": "Canva"}, "product": "affinity", "vendor": "canva"}], "analysis": {"en": {"generated_at": "2026-03-19T13:51:51.987514+00:00", "value": {"mitigation_remediation": ["Check Canva Affinity website or support portal for security updates or patches that address the EMF vulnerability.", "Apply any released update that fixes the out\u2011of\u2011bounds read issue.", "Avoid opening untrusted or suspicious EMF files until a patch is applied."], "summary": {"action": "Assess Impact", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Canva Affinity running on Windows is affected, as identified by the CPE cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:*. No specific affected version numbers are listed in the CVE data, so administrators should verify whether their installed version is on the affected release line using vendor documentation.", "description_and_impact": "An out\u2011of\u2011bounds read vulnerability (CWE\u2011125) exists in the EMF functionality of Canva Affinity. Exploiting the vulnerability by opening a specially crafted EMF file can cause the application to read memory beyond the intended bounds, potentially revealing sensitive information to the attacker. The CVE description states the primary impact is disclosure of sensitive data.", "risk_and_exploitability": "The CVSS score of 6.1 indicates moderate risk, while the EPSS score of less than 1% suggests a low probability of exploitation in the near term. The vulnerability is not listed in CISA's KEV catalog. It is triggered by opening a malicious EMF file, so the likely attack vector is a file\u2011based local or remote delivery. Exploitation requires the victim to run Canva Affinity and open the crafted file, making it mitigable by restricting file opening from untrusted sources and applying any available patch."}}}}, "created": "2026-03-18T12:12:50.517961+00:00", "title": "Canva Affinity Out\u2011of\u2011Bounds Read in EMF Functionality", "updated": "2026-03-24T10:54:57.427362+00:00", "vendors": ["canva", "canva$PRODUCT$affinity"]}