Cyber Posture

CVE-2025-65119

MediumPublic PoC

Published: 17 March 2026

Published
17 March 2026
Modified
19 March 2026
KEV Added
Patch
CVSS Score 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
EPSS Score 0.0001 2.5th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-65119 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Canva Affinity. Its CVSS base score is 6.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 2.5th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Threat & Defense at a Glance

What attackers do: exploitation maps to Malicious File (T1204.002). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Directly addresses the vulnerability by requiring timely flaw remediation through patching Canva Affinity's EMF parser as advised in vendor updates.

SI-10 Information Input Validation good match
prevent

Mandates validation of EMF file inputs to reject malformed files that trigger out-of-bounds reads during parsing.

SI-16 Memory Protection good match
prevent

Implements memory protections like address space layout randomization to mitigate information disclosure from out-of-bounds memory reads.

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
attack.mitre.org →
Why these techniques?

Vulnerability is triggered by opening a specially crafted local EMF file, directly mapping to user execution of a malicious file.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

NVD Description

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Deeper analysisAI

An out-of-bounds read vulnerability, tracked as CVE-2025-65119 and associated with CWE-125, affects the EMF functionality in Canva Affinity. Published on 2026-03-17, this issue allows exploitation via a specially crafted EMF file, enabling an out-of-bounds read that could disclose sensitive information. The vulnerability carries a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L), indicating medium severity with high confidentiality impact.

Attackers can exploit this vulnerability by convincing a user to open a maliciously crafted EMF file in Canva Affinity on a local system. No privileges are required (PR:N), but local access (AV:L) and user interaction (UI:R), such as opening the file, are necessary. Successful exploitation leads to an out-of-bounds read, potentially exposing sensitive information from memory, with low impact on integrity and availability.

Mitigation details are available in advisories from Talos Intelligence (TALOS-2025-2320) and Canva's trust center (https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62). Security practitioners should consult these references for patch information, workarounds, or updated versions of Canva Affinity to address the issue.

Details

CWE(s)
CWE-125

Affected Products

canva
affinity
≤ 3.1.0

CVEs Like This One

CVE-2025-64735Same product: Canva Affinity
CVE-2026-22882Same product: Canva Affinity
CVE-2025-62500Same product: Canva Affinity
CVE-2025-62403Same product: Canva Affinity
CVE-2026-20726Same product: Canva Affinity
CVE-2025-61979Same product: Canva Affinity
CVE-2025-66503Same product: Canva Affinity
CVE-2025-64733Same product: Canva Affinity
CVE-2025-66617Same product: Canva Affinity
CVE-2025-58427Same product: Canva Affinity

References