Cyber Resilience

CVE-2025-66617

MediumPublic PoC

Published: 17 March 2026

Published
17 March 2026
Modified
19 March 2026
KEV Added
Patch
CVSS Score v3.1 6.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L
EPSS Score 0.0002 3.7th percentile
Risk Priority 12 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-66617 is a medium-severity Out-of-bounds Read (CWE-125) vulnerability in Canva Affinity. Its CVSS base score is 6.1 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Malicious File (T1204.002); ranked at the 3.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2025-66617 is an out-of-bounds read vulnerability (CWE-125) in the EMF functionality of Canva Affinity software. Published on 2026-03-17, it carries a CVSS v3.1 base score of 6.1 (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L). The issue allows an attacker using a specially crafted EMF file to trigger an out-of-bounds read, potentially leading to the disclosure of sensitive information.

Exploitation requires local access vector with low attack complexity and no privileges, but depends on user interaction, such as opening the malicious EMF file in Canva Affinity. A successful attack can achieve high confidentiality impact through information disclosure, alongside low availability impact and no integrity impact, without affecting the scope of the impacted component.

Mitigation guidance is available in related advisories, including Talos Intelligence report TALOS-2025-2315 (https://talosintelligence.com/vulnerability_reports/TALOS-2025-2315 and https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2315) and Canva's trust center (https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62).

EU & UK References

Vulnerability details

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1204.002 Malicious File Execution
An adversary may rely upon a user opening a malicious file in order to gain execution.
Why these techniques?

Out-of-bounds read in EMF parser triggered by opening a crafted file directly maps to user execution of a malicious file for information disclosure.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2025-62403Same product: Canva Affinity
CVE-2025-64733Same product: Canva Affinity
CVE-2025-62500Same product: Canva Affinity
CVE-2025-65119Same product: Canva Affinity
CVE-2025-66503Same product: Canva Affinity
CVE-2026-20726Same product: Canva Affinity
CVE-2025-64776Same product: Canva Affinity
CVE-2025-66042Same product: Canva Affinity
CVE-2025-66633Same product: Canva Affinity
CVE-2025-64735Same product: Canva Affinity

Affected Assets

canva
affinity
≤ 3.1.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly remediates the out-of-bounds read flaw in Canva Affinity's EMF parser through timely patching and updates.

prevent

Enforces validation of EMF file inputs to reject malformed structures that trigger out-of-bounds reads.

prevent

Implements memory protection mechanisms like address space layout randomization and data execution prevention to block exploitation of out-of-bounds reads for information disclosure.

References