CVE-2025-61952
Published: 17 March 2026
Summary
CVE-2025-61952 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Canva Affinity. Its CVSS base score is 6.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked at the 2.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Flaw remediation directly addresses the out-of-bounds read vulnerability by applying patches to Canva Affinity's EMF parsing functionality as advised in vendor updates.
Information input validation enforces proper bounds checking and sanitization of EMF files to prevent out-of-bounds reads during parsing.
Memory protection mechanisms like address space layout randomization and stack canaries mitigate information disclosure from out-of-bounds reads in the EMF processing.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OOB read in client-side EMF parser enables info disclosure via malicious file opened by user.
NVD Description
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Deeper analysisAI
An out-of-bounds read vulnerability, tracked as CVE-2025-61952 and associated with CWE-125, affects the EMF functionality in Canva Affinity software. Published on 2026-03-17, this issue allows exploitation via a specially crafted EMF file, enabling an out-of-bounds read that could disclose sensitive information. The vulnerability carries a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L), indicating medium severity with high confidentiality impact.
A local attacker with no privileges required can exploit this vulnerability by tricking a user into opening a malicious EMF file through the affected EMF processing in Canva Affinity. Successful exploitation requires low complexity and user interaction but stays within the application's scope, potentially allowing the attacker to read sensitive data from memory while causing limited availability disruption and no integrity impact.
Mitigation details and further technical analysis are available in advisories from Talos Intelligence (TALOS-2025-2317) and Canva's trust center. Security practitioners should consult these references for patching guidance and updated information on Canva Affinity.
Details
- CWE(s)