{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-01T01:27:54.326","vulnerabilities":[{"cve":{"id":"CVE-2025-53009","sourceIdentifier":"security-advisories@github.com","published":"2025-08-01T18:15:54.463","lastModified":"2025-08-20T21:24:28.447","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3."},{"lang":"es","value":"MaterialX es un estándar abierto para el intercambio de material enriquecido y contenido de desarrollo de apariencia entre aplicaciones y renderizadores. En las versiones 1.39.2 y anteriores, al analizar un archivo MTLX con múltiples implementaciones de nodegraph anidadas, la lógica de análisis XML de MaterialX puede bloquearse debido al agotamiento de la pila. Un atacante podría bloquear intencionalmente un programa objetivo que use OpenEXR enviando un archivo MTLX malicioso. Esto se solucionó en la versión 1.39.3."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":5.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"NONE","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"PROOF_OF_CONCEPT","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-121"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:materialx:1.39.2:-:*:*:*:*:*:*","matchCriteriaId":"2FE3ABEE-CE46-4ADF-85C7-A5A99FCF30F0"}]}]}],"references":[{"url":"https://github.com/AcademySoftwareFoundation/MaterialX/issues/2504","source":"security-advisories@github.com","tags":["Issue Tracking"]},{"url":"https://github.com/AcademySoftwareFoundation/MaterialX/pull/2505","source":"security-advisories@github.com","tags":["Issue Tracking","Patch"]},{"url":"https://github.com/AcademySoftwareFoundation/MaterialX/releases/tag/v1.39.3","source":"security-advisories@github.com","tags":["Release Notes"]},{"url":"https://github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-wx6g-fm6f-w822","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]},{"url":"https://github.com/ShielderSec/poc/tree/main/CVE-2025-53009","source":"security-advisories@github.com","tags":["Exploit"]}]}}]}