CVE-2025-64301

EUVD-2025-208795
An out‑of‑bounds write vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out‑of‑bounds write, potentially leading to code execution.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 3.29%
Affected Products (NVD)
VendorProductVersion
canvaaffinity
𝑥
< 3.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2310
https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2310