CVE-2025-66042

6.1 MEDIUM

📋 TL;DR

An out-of-bounds read vulnerability in Canva Affinity's EMF file processing allows attackers to read memory beyond allocated buffers via specially crafted EMF files. This could lead to sensitive information disclosure from the application's memory space. Users of Canva Affinity software are affected.

💻 Affected Systems

Products:
  • Canva Affinity
Versions: All versions prior to the patched release
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with EMF file processing enabled are vulnerable when opening malicious files.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Disclosure of sensitive information from application memory, potentially including authentication tokens, user data, or system information that could facilitate further attacks.

🟠 Likely Case

Information disclosure of limited memory contents, potentially revealing application state or partial data fragments.

🟢 If Mitigated

No impact if controls prevent malicious EMF files from being opened or if a patched version is used.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious file, but could be delivered via email, downloads, or web content.
🏢 Internal Only: MEDIUM - Similar risk profile internally if users can be tricked into opening malicious files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious EMF file, but no authentication is needed once the file is opened.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Canva Affinity updates for specific version

Vendor Advisory: https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62

Restart Required: Yes

Instructions:

1. Open Canva Affinity application
2. Navigate to Help > Check for Updates
3. Install available updates
4. Restart the application

🔧 Temporary Workarounds

Disable EMF file processing (all platforms)

Prevent Affinity from processing EMF files by modifying file associations or using application restrictions

User education and file filtering (all platforms)

Train users to avoid opening EMF files from untrusted sources and implement email/web filtering for EMF attachments
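
Filtering on the `.emf` extension alone misses renamed files, so a mail or web gateway hook can identify EMF by content instead. The sketch below is an added example, not vendor code or part of the advisory; the function names are hypothetical, the sample bytes are constructed, and the offsets follow the standard EMF header layout. It recognizes EMF files and header inconsistencies in general, not the specific malformation behind this CVE, which the advisory does not describe.

```python
import struct

EMR_HEADER = 0x00000001         # record type of the first record in an EMF file
ENHMETA_SIGNATURE = 0x464D4520  # bytes 20 45 4D 46 (" EMF") at offset 40
MIN_HEADER_SIZE = 88            # smallest valid EMR_HEADER record


def classify_emf(data):
    """Return 'not-emf', 'emf' or 'emf-malformed' for a file's raw bytes."""
    if len(data) < 44:
        return "not-emf"
    rec_type, rec_size = struct.unpack_from("<II", data, 0)
    (signature,) = struct.unpack_from("<I", data, 40)
    if rec_type != EMR_HEADER or signature != ENHMETA_SIGNATURE:
        return "not-emf"
    # The content claims to be EMF: check the header against the bytes we hold.
    if len(data) < MIN_HEADER_SIZE or rec_size < MIN_HEADER_SIZE:
        return "emf-malformed"
    if rec_size % 4 or rec_size > len(data):
        return "emf-malformed"
    declared_bytes, declared_records = struct.unpack_from("<II", data, 48)
    # A well-formed file declares its own length and at least header + EOF.
    if declared_bytes != len(data) or declared_records < 2:
        return "emf-malformed"
    return "emf"


def should_quarantine(filename, data):
    """Hold anything that is EMF by name or by content (policy assumption)."""
    return filename.lower().endswith(".emf") or classify_emf(data) != "not-emf"


def sample_emf(declared=None):
    """Constructed sample: 88-byte header followed by a 20-byte EMR_EOF."""
    header = bytearray(MIN_HEADER_SIZE)
    struct.pack_into("<II", header, 0, EMR_HEADER, MIN_HEADER_SIZE)
    struct.pack_into("<II", header, 40, ENHMETA_SIGNATURE, 0x00010000)
    total = MIN_HEADER_SIZE + 20
    struct.pack_into("<II", header, 48, total if declared is None else declared, 2)
    eof = struct.pack("<IIIII", 0x0E, 20, 0, 16, 20)
    return bytes(header) + eof


if __name__ == "__main__":
    for name, blob in [("logo.emf", sample_emf()),
                       ("invoice.png", sample_emf(declared=4096)),
                       ("photo.png", b"\x89PNG\r\n\x1a\n" + bytes(56))]:
        print(name, classify_emf(blob), should_quarantine(name, blob))
```
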

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized Affinity execution
  • Use endpoint protection with memory protection features enabled

🔍 How to Verify

Check if Vulnerable:

Check Affinity version against patched version in vendor advisory

Check Version:

In Affinity: Help > About (Windows) or Affinity [Product] > About Affinity [Product] (macOS)

Verify Fix Applied:

Verify Affinity version is updated to patched version and test with known safe EMF files

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing EMF files
  • Unusual memory access patterns in application logs

Network Indicators:

  • Downloads of EMF files from untrusted sources
  • Unusual outbound connections after EMF file processing

SIEM Query:

source="*affinity*" AND (event="crash" OR event="error") AND file_extension="emf"
