{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T20:25:11.637","vulnerabilities":[{"cve":{"id":"CVE-2025-66617","sourceIdentifier":"talos-cna@cisco.com","published":"2026-03-17T19:16:00.097","lastModified":"2026-03-19T12:11:35.373","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information."},{"lang":"es","value":"Existe una vulnerabilidad de lectura fuera de límites en la funcionalidad EMF de Canva Affinity. Al usar un archivo EMF especialmente diseñado, un atacante podría explotar esta vulnerabilidad para realizar una lectura fuera de límites, lo que podría llevar a la divulgación de información sensible."}],"metrics":{"cvssMetricV31":[{"source":"talos-cna@cisco.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L","baseScore":6.1,"baseSeverity":"MEDIUM","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"LOW"},"exploitabilityScore":1.8,"impactScore":4.2},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H","baseScore":7.1,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.2}]},"weaknesses":[{"source":"talos-cna@cisco.com","type":"Secondary","description":[{"lang":"en","value":"CWE-125"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:canva:affinity:*:*:*:*:*:windows:*:*","versionEndExcluding":"3.1.0","matchCriteriaId":"4C0FE26D-7256-455B-86B0-D69621C80C02"}]}]}],"references":[{"url":"https://talosintelligence.com/vulnerability_reports/TALOS-2025-2315","source":"talos-cna@cisco.com","tags":["Third Party Advisory","Exploit"]},{"url":"https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62","source":"talos-cna@cisco.com","tags":["Vendor Advisory"]},{"url":"https://www.talosintelligence.com/vulnerability_reports/TALOS-2025-2315","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory","Exploit"]}]}}]}