What is CVE-2025-48074?

CVE-2025-48074 is a vulnerability in Academysoftwarefoundation Openexr, classified under Allocation of Resources Without Limits or Throttling. Published 2025-08-01.

Is CVE-2025-48074 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Resource exhaustion in Academysoftwarefoundation Openexr

CVE-2025-48074

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In version 3.3.2, applications trust unvalidated dataWindow size values from file headers, whi…

EPSS: 0.001 (32.4th percentile) — read the EPSS interpretation.

Affected products

Academysoftwarefoundation Openexr — versions >= 3.3.2, < 3.3.3

Weakness classification (CWE)

CWE-770 — Allocation of Resources Without Limits or Throttling

Public proof-of-concept exploits

References

https://github.com/AcademySoftwareFoundation/openexr/security/advisories/GHSA-x22w-82jp-8rvf (x_refsource_CONFIRM)
https://github.com/ShielderSec/poc/tree/main/CVE-2025-48074 (x_refsource_MISC)

Frequently asked questions

What is CVE-2025-48074?: CVE-2025-48074 is a vulnerability in Academysoftwarefoundation Openexr, classified under Allocation of Resources Without Limits or Throttling. Published 2025-08-01.
Is CVE-2025-48074 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.