LeakyCreds
NewInstant webhook alerts now available ā€” notified within seconds of any credential detection.Learn more ā†’
Home / Vulnerability Intelligence / CVE-2025-66342

CVE-2025-66342 - Vulnerability Analysis

HighCVSS: 7.8

Last Updated: March 19, 2026

Canva Affinity - Remote Code Execution

Published: March 17, 2026Updated: March 19, 2026PoC Available

Overview

Canva Affinity contains a type confusion vulnerability caused by specially crafted EMF files in EMF functionality, letting attackers execute arbitrary code, exploit requires crafted EMF file.

Severity & Score

Severity: High
CVSS Score: 7.8
EPSS Score: 1.3%(Probability of exploitation in next 30 days)

Impact

Attackers can execute arbitrary code via crafted EMF files, potentially leading to full system compromise.

Mitigation

Update to the latest version of Canva Affinity.

References

Social Media Activity(1 post)

TheHackerWire
TheHackerWire
@thehackerwire
Mar 17, 2026

šŸŸ  CVE-2025-66342 - High (7.8) A type confusion vulnerability exists in the EMF functionality of Canva Affinity. A specially crafted EMF file can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. šŸ”— https://www.thehackerwire.com/vulnerability/CVE-2025-66342/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack

View original post

Related Resources

Details

CVE ID
CVE-2025-66342
Severity
High
CVSS Score
7.8
Type
undefined
Status
confirmed
EPSS
1.3%
Social Posts
1

CWE

  • CWE-843

CVSS Metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Score

1.3%Probability of exploitation in the next 30 days