What is CVE-2025-61979?

CVE-2025-61979 is a medium-severity vulnerability in Canva Affinity, classified under Out-of-bounds Read. CVSS score: 6.1/10. Published 2026-03-17.

How severe is CVE-2025-61979?

Medium severity. CVSS v3 base score is 6.1 out of 10.

Out-of-bounds Read in Canva Affinity

CVE-2025-61979

An out-of-bounds read vulnerability exists in the EMF functionality of Canva Affinity. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclos…

Vulnerability class: Buffer Overflow

EPSS: 0.000 (3.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L.

Affected products

Canva Affinity — versions 3.0.1.3808

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

References

https://talosintelligence.com/vulnerability_reports/TALOS-2025-2299
https://trust.canva.com/?tcuUid=1f728b0d-17f3-4c9c-97e9-6662b769eb62

Frequently asked questions

What is CVE-2025-61979?: CVE-2025-61979 is a medium-severity vulnerability in Canva Affinity, classified under Out-of-bounds Read. CVSS score: 6.1/10. Published 2026-03-17.
How severe is CVE-2025-61979?: Medium severity. CVSS v3 base score is 6.1 out of 10.