CVE-2025-66342

EUVD-2025-208803
A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution.
Type Confusion
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 1.82%
Affected Products (NVD)
VendorProductVersion
canvaaffinity
𝑥
< 3.1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://talosintelligence.com/vulnerability_reports/TALOS-2025-2297
https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62
https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2297