CVE-2025-65119 is a medium severity vulnerability classified as CWE-125 (Out-of-bounds Read) affecting Canva Affinity version 3.0.1.3808. The flaw exists in the Enhanced Metafile (EMF) file processing component, where improper bounds checking allows an attacker to read memory outside the intended buffer. By crafting a specially designed EMF file and convincing a user to open it within the vulnerable Canva Affinity application, an attacker can trigger this out-of-bounds read. This can lead to unauthorized disclosure of sensitive information residing in adjacent memory areas. The vulnerability does not permit code execution or modification of data, but the confidentiality impact is high due to potential leakage of sensitive information. Exploitation requires local access to the victim system and user interaction to open the malicious file, which limits remote exploitation. The CVSS v3.1 score of 6.1 reflects these factors: low attack vector (local), low attack complexity, no privileges required, user interaction required, unchanged scope, high confidentiality impact, no integrity or availability impact. No public exploits or patches are currently available, indicating the need for proactive mitigation. The vulnerability was reserved in December 2025 and published in March 2026 by the Talos team, highlighting its recent discovery. This vulnerability is particularly relevant for organizations relying on Canva Affinity for graphic design workflows involving EMF files, which are commonly used vector graphics formats in Windows environments.

The primary impact of CVE-2025-65119 is the potential disclosure of sensitive information from the memory of systems running the vulnerable Canva Affinity version. This can include confidential design data, user credentials cached in memory, or other sensitive artifacts depending on the application context. Although it does not allow code execution or system compromise, information leakage can facilitate further attacks such as social engineering or privilege escalation. Organizations handling sensitive or proprietary graphic content are at risk of intellectual property exposure. The requirement for local access and user interaction reduces the likelihood of widespread automated exploitation but does not eliminate insider threats or targeted attacks. The vulnerability could undermine trust in Canva Affinity’s security posture and lead to compliance issues if sensitive data is exposed. Given Canva’s global user base, the impact is relevant across multiple sectors including creative industries, marketing agencies, and enterprises using the software for internal documentation and design.

1. Avoid opening EMF files from untrusted or unknown sources within Canva Affinity until a patch is released. 2. Implement strict file validation and scanning for EMF files at the gateway or endpoint level to detect malformed or suspicious files. 3. Use application whitelisting and sandboxing techniques to isolate Canva Affinity processes, limiting the impact of potential exploitation. 4. Educate users on the risks of opening unsolicited or unexpected EMF files, emphasizing cautious handling of email attachments and downloads. 5. Monitor system logs and application behavior for anomalies related to EMF file processing. 6. Coordinate with Canva for timely updates and patches addressing this vulnerability. 7. Consider disabling or restricting EMF file support in Canva Affinity if feasible within operational requirements. 8. Employ endpoint detection and response (EDR) tools to detect unusual memory access patterns that may indicate exploitation attempts. These measures go beyond generic advice by focusing on file handling policies, user awareness, and proactive detection tailored to the vulnerability’s characteristics.