Login Sign Up

CVE-2025-64301

7.8 HIGH
Remote Code Execution

📋 TL;DR

An out-of-bounds write vulnerability in Canva Affinity's EMF file processing allows attackers to execute arbitrary code by tricking users into opening malicious EMF files. This affects all users of vulnerable Canva Affinity software versions. Successful exploitation could give attackers full control of the affected system.

💻 Affected Systems

Products:
  • Canva Affinity Designer
  • Canva Affinity Photo
  • Canva Affinity Publisher
Versions: All versions prior to the security patch
Operating Systems: Windows, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability triggers when processing EMF files, which could be delivered via email attachments, downloads, or shared documents.

📦 What is this software?

Affinity by Canva

View all CVEs affecting Affinity →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution with SYSTEM/root privileges leading to complete system compromise, data theft, ransomware deployment, or lateral movement within networks.

🟠

Likely Case

Local privilege escalation or arbitrary code execution in the context of the current user, potentially leading to credential theft, data exfiltration, or malware installation.

🟢

If Mitigated

Denial of service (application crash) if memory corruption doesn't lead to reliable code execution due to mitigations like ASLR/DEP.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). No public exploit code available at disclosure time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Canva Affinity update for latest security patch

Vendor Advisory: https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62

Restart Required: Yes

Instructions:

1. Open Canva Affinity application. 2. Go to Help > Check for Updates. 3. Install all available updates. 4. Restart the application.

🔧 Temporary Workarounds

Block EMF file extensions

all

Prevent processing of EMF files at the system or network level

Disable EMF file association

windows

Remove Canva Affinity as default handler for EMF files

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized software execution
  • Use email/web gateways to block EMF file attachments and downloads

🔍 How to Verify

Check if Vulnerable:

Check Canva Affinity version against patched version in vendor advisory

Check Version:

Open Canva Affinity > Help > About (version displayed in dialog)

Verify Fix Applied:

Verify application version matches or exceeds patched version, test with known safe EMF files

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when opening EMF files
  • Unusual process spawning from Canva Affinity

Network Indicators:

  • Downloads of EMF files from untrusted sources
  • Outbound connections after opening EMF files

SIEM Query:

source="*canva*" OR process="*affinity*" AND (event_type="crash" OR file_extension=".emf")

📊 Metadata

CVE ID: CVE-2025-64301
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: March 17, 2026
Last Updated: March 19, 2026

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-64301, you might also want to check these:

CVE-2019-5684 10.0

This vulnerability in NVIDIA Windows GPU Display Drivers allows specially crafted DirectX shaders to...

Same vulnerability type (CWE-787)
CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2018-6692 10.0

This vulnerability allows remote attackers to execute arbitrary code on Belkin Wemo Insight Smart Pl...

Same vulnerability type (CWE-787)