Cyber Resilience

CVE-2025-66000

MediumPublic PoC

Published: 17 March 2026

Published
17 March 2026
Modified
19 March 2026
KEV Added
Patch
CVSS Score v3.1 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
EPSS Score 0.0002 3.7th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-66000 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Canva Affinity. Its CVSS base score is 6.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 3.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-66000 is an out-of-bounds read vulnerability (CWE-125) in the EMF functionality of Canva Affinity software. Published on 2026-03-17, it carries a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). The flaw can be triggered by processing a specially crafted EMF file, enabling an out-of-bounds read that may disclose sensitive information.

An attacker with local access can exploit this vulnerability by tricking a user into opening a malicious EMF file, requiring low attack complexity and no privileges but relying on user interaction. Successful exploitation allows high-impact confidentiality loss through information disclosure, alongside low availability disruption and no integrity impact, with unchanged scope.

Advisories from Talos Intelligence (TALOS-2025-2301) and Canva's trust center provide further details on the vulnerability, including potential mitigation guidance.

EU & UK References

Vulnerability details

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
T1005 Data from Local System Collection
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.
Why these techniques?

Malicious EMF file delivery triggers execution (T1204.002); resulting OOB read directly enables local sensitive data disclosure (T1005).

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-47873Same product: Canva Affinity
CVE-2025-62403Same product: Canva Affinity
CVE-2025-64733Same product: Canva Affinity
CVE-2025-62500Same product: Canva Affinity
CVE-2025-66617Same product: Canva Affinity
CVE-2025-65119Same product: Canva Affinity
CVE-2025-66503Same product: Canva Affinity
CVE-2026-20726Same product: Canva Affinity
CVE-2025-64776Same product: Canva Affinity
CVE-2025-66042Same product: Canva Affinity

Affected Assets

canva
affinity
≤ 3.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly addresses the CVE by requiring timely identification, reporting, and remediation of flaws such as the out-of-bounds read in Canva Affinity's EMF parsing.

prevent

Implements memory protection mechanisms that mitigate out-of-bounds read vulnerabilities by enforcing memory separation and preventing unauthorized access to sensitive data.

prevent

Requires validation of information inputs like specially crafted EMF files to prevent malformed data from triggering out-of-bounds reads and information disclosure.

References