CVE-2025-53009

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/AcademySoftwareFoundation/MaterialX/issues/2504	Issue Tracking
https://github.com/AcademySoftwareFoundation/MaterialX/pull/2505	Issue Tracking Patch
https://github.com/AcademySoftwareFoundation/MaterialX/releases/tag/v1.39.3	Release Notes
https://github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-wx6g-fm6f-w822	Exploit Vendor Advisory
https://github.com/ShielderSec/poc/tree/main/CVE-2025-53009	Exploit

Configurations

Configuration 1 (hide)

cpe:2.3:a:linuxfoundation:materialx:1.39.2:-:*:*:*:*:*:*

History

No history.

Information

Published : 2025-08-01 18:15

Updated : 2025-08-20 21:24

NVD link : CVE-2025-53009

Mitre link : CVE-2025-53009

CVE.ORG link : CVE-2025-53009

JSON object : View

Products Affected

linuxfoundation

materialx

CWE

CWE-121

Stack-based Buffer Overflow

{"id": "CVE-2025-53009", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 5.5, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "PROOF_OF_CONCEPT", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-08-01T18:15:54.463", "references": [{"url": "https://github.com/AcademySoftwareFoundation/MaterialX/issues/2504", "tags": ["Issue Tracking"], "source": "[email protected]"}, {"url": "https://github.com/AcademySoftwareFoundation/MaterialX/pull/2505", "tags": ["Issue Tracking", "Patch"], "source": "[email protected]"}, {"url": "https://github.com/AcademySoftwareFoundation/MaterialX/releases/tag/v1.39.3", "tags": ["Release Notes"], "source": "[email protected]"}, {"url": "https://github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-wx6g-fm6f-w822", "tags": ["Exploit", "Vendor Advisory"], "source": "[email protected]"}, {"url": "https://github.com/ShielderSec/poc/tree/main/CVE-2025-53009", "tags": ["Exploit"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-121"}]}], "descriptions": [{"lang": "en", "value": "MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3."}, {"lang": "es", "value": "MaterialX es un est\u00e1ndar abierto para el intercambio de material enriquecido y contenido de desarrollo de apariencia entre aplicaciones y renderizadores. En las versiones 1.39.2 y anteriores, al analizar un archivo MTLX con m\u00faltiples implementaciones de nodegraph anidadas, la l\u00f3gica de an\u00e1lisis XML de MaterialX puede bloquearse debido al agotamiento de la pila. Un atacante podr\u00eda bloquear intencionalmente un programa objetivo que use OpenEXR enviando un archivo MTLX malicioso. Esto se solucion\u00f3 en la versi\u00f3n 1.39.3."}], "lastModified": "2025-08-20T21:24:28.447", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:materialx:1.39.2:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FE3ABEE-CE46-4ADF-85C7-A5A99FCF30F0"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}