Potential Crash Vulnerability in MaterialX Version 1.39.2
CVE-2025-53010

2LOW

Key Information:

Status
Vendor
CVE Published:
1 August 2025

What is CVE-2025-53010?

In MaterialX version 1.39.2, a critical issue arises from the parsing of shader nodes in MTLX files, where the MaterialXCore accesses a potentially null pointer. This vulnerability could lead to program crashes when maliciously crafted MTLX files are processed, allowing attackers to destabilize applications relying on OpenEXR. The issue has been addressed in version 1.39.3, which includes patches to enhance the stability of the product against such attacks.

Affected Version(s)

MaterialX >= 1.39.2, < 1.39.3

References

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2025-53010 : Potential Crash Vulnerability in MaterialX Version 1.39.2