CVE-2025-66617

6.1 MEDIUM

📋 TL;DR

An out-of-bounds read vulnerability in Canva Affinity's EMF file processing allows attackers to read memory beyond allocated buffers via specially crafted EMF files. This could lead to disclosure of sensitive information from the application's memory space. Users of Canva Affinity software are affected.

💻 Affected Systems

Products:
  • Canva Affinity
Versions: Specific versions not specified in provided references
Operating Systems: Windows, macOS, Linux
Default Config Vulnerable: ⚠️ Yes
Notes: All installations processing EMF files are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Disclosure of sensitive information from application memory, potentially including authentication tokens, user data, or system information that could facilitate further attacks.

🟠 Likely Case

Information disclosure of limited memory contents, potentially revealing application state or partial data fragments.

🟢 If Mitigated

No impact if proper memory protections are in place or if the vulnerability is patched before exploitation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction to open a malicious EMF file, but no authentication is needed once the file is processed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific version

Vendor Advisory: https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62

Restart Required: Yes

Instructions:

1. Visit Canva's security advisory page
2. Download and install the latest version of Canva Affinity
3. Restart the application

🔧 Temporary Workarounds

Disable EMF file processing

all

Prevent Canva Affinity from processing EMF files to block exploitation vectors

User education and file filtering

all

Train users to avoid opening untrusted EMF files and implement email/web filtering for EMF attachments
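
For the file-filtering workaround above, a mail or web gateway hook can recognise EMF content by its header rather than by file extension. The following is an added example, not vendor code: it assumes the public EMF record layout (header record type 1, signature " EMF" at offset 40, size and record count at offsets 48 and 52), and its record-length checks are generic structural hygiene, not a detector for this specific flaw, whose details the advisory does not give. The function names and sample data are constructed for illustration.

```python
import struct

EMR_HEADER, EMR_EOF = 1, 14      # first and last record types in an EMF stream
EMF_SIGNATURE = 0x464D4520       # bytes " EMF" at offset 40 of the header record
MIN_HEADER = 88                  # size of the smallest EMR_HEADER record

def inspect_emf(data: bytes) -> str:
    """Classify a byte string as 'not-emf', 'emf-ok' or 'emf-malformed'."""
    if len(data) < MIN_HEADER:
        return "not-emf"
    rec_type, _ = struct.unpack_from("<II", data, 0)
    (signature,) = struct.unpack_from("<I", data, 40)
    if rec_type != EMR_HEADER or signature != EMF_SIGNATURE:
        return "not-emf"
    total_bytes, total_records = struct.unpack_from("<II", data, 48)
    if total_bytes > len(data):
        return "emf-malformed"   # header claims more data than the file holds
    offset = count = 0
    while offset + 8 <= total_bytes:
        rec_type, rec_size = struct.unpack_from("<II", data, offset)
        # Each record must be at least 8 bytes, 4-byte aligned, and in bounds.
        if rec_size < 8 or rec_size % 4 or offset + rec_size > total_bytes:
            return "emf-malformed"
        offset, count = offset + rec_size, count + 1
        if rec_type == EMR_EOF:
            break
    if rec_type != EMR_EOF or count != total_records:
        return "emf-malformed"
    return "emf-ok"

def make_sample(eof_size: int = 20) -> bytes:
    """Constructed two-record EMF (header + EOF) used only as test input."""
    header = bytearray(MIN_HEADER)
    struct.pack_into("<II", header, 0, EMR_HEADER, MIN_HEADER)
    struct.pack_into("<I", header, 40, EMF_SIGNATURE)
    struct.pack_into("<II", header, 48, MIN_HEADER + 20, 2)
    return bytes(header) + struct.pack("<IIIII", EMR_EOF, eof_size, 0, 0, 20)

if __name__ == "__main__":
    print(inspect_emf(make_sample()))
    print(inspect_emf(make_sample(eof_size=4096)))
    print(inspect_emf(b"\x89PNG\r\n\x1a\n" + bytes(100)))
```

A gateway would quarantine anything classified as EMF until the patched version is deployed, and can prioritise "emf-malformed" results for review.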

🧯 If You Can't Patch

  • Implement application allowlisting to restrict execution of Canva Affinity to trusted systems only
  • Deploy endpoint detection and response (EDR) solutions to monitor for suspicious memory access patterns

🔍 How to Verify

Check if Vulnerable:

Check the installed Canva Affinity version against the vendor advisory; if you are running an unpatched version, assume it is vulnerable.

Check Version:

Check the version in the Canva Affinity application settings or About dialog.

Verify Fix Applied:

Verify that the Canva Affinity version matches or exceeds the patched version specified in the vendor advisory.

📡 Detection & Monitoring

Log Indicators:

  • Unusual application crashes when processing EMF files
  • Memory access violation errors in application logs

Network Indicators:

  • Downloads of EMF files from untrusted sources
  • Unusual file transfer activity involving EMF files

SIEM Query:

source="*canva*" AND (event_type="crash" OR error="memory" OR file_type="emf")
