CVE-2025-64735
Published: 17 March 2026
Summary
CVE-2025-64735 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Canva Affinity. Its CVSS base score is 6.1 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 2.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly remediates the out-of-bounds read vulnerability in Canva Affinity's EMF parser through timely patching and updates.
Implements memory protection mechanisms such as address space layout randomization and guard pages to prevent exploitation of out-of-bounds reads for sensitive information disclosure.
Enforces robust validation of EMF file inputs to block specially crafted files from triggering out-of-bounds reads in the parser.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
OOB read in local desktop app parser directly enabled by user opening crafted EMF file (T1204.002); info disclosure impact aligns with memory reads but no RCE or other primitives described.
NVD Description
An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.
Deeper analysisAI
CVE-2025-64735 is an out-of-bounds read vulnerability (CWE-125) in the EMF functionality of Canva Affinity. The issue, published on 2026-03-17, allows an attacker to exploit a specially crafted EMF file, potentially leading to the disclosure of sensitive information. It has a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L), indicating medium severity with high confidentiality impact but low availability impact and no integrity impact.
An attacker with local access can exploit this vulnerability by convincing a user to open a maliciously crafted EMF file in Canva Affinity, as no privileges are required but user interaction is necessary. Successful exploitation enables an out-of-bounds read, which could disclose sensitive information from memory, with a low likelihood of causing application instability due to the limited availability impact.
Mitigation details and further technical analysis are provided in advisories from Talos Intelligence (TALOS-2025-2312) at https://talosintelligence.com/vulnerability_reports/TALOS-2025-2312 and https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2312, as well as Canva's trust center at https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62.
Details
- CWE(s)