Potential Crash Vulnerability in MaterialX Version 1.39.2
CVE-2025-53010

2LOW

Key Information:

Vendor

Academysoftwarefoundation

Status
Materialx
Vendor
CVE Published:
1 August 2025

What is CVE-2025-53010?

In MaterialX version 1.39.2, a critical issue arises from the parsing of shader nodes in MTLX files, where the MaterialXCore accesses a potentially null pointer. This vulnerability could lead to program crashes when maliciously crafted MTLX files are processed, allowing attackers to destabilize applications relying on OpenEXR. The issue has been addressed in version 1.39.3, which includes patches to enhance the stability of the product against such attacks.

Affected Version(s)

MaterialX >= 1.39.2, < 1.39.3

References

https://github.com/AcademySoftwareFoundation/MaterialX/se...
x_refsource_CONFIRM
https://github.com/AcademySoftwareFoundation/MaterialX/co...
x_refsource_MISC
https://github.com/ShielderSec/poc/tree/main/CVE-2025-53010
x_refsource_MISC

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.