Null Pointer Vulnerability in MaterialX Software by Academy Software Foundation
CVE-2025-53011

2LOW

Key Information:

Vendor

Academysoftwarefoundation

Status
Materialx
Vendor
CVE Published:
1 August 2025

What is CVE-2025-53011?

In version 1.39.2 of MaterialX, a null pointer dereference occurs when parsing shader nodes within MTLX files. This flaw enables attackers to craft malicious MTLX files that can intentionally crash applications utilizing MaterialX. This vulnerability poses a significant risk as it could result in application crashes, leading to potential denial of service effects. Users are advised to upgrade to version 1.39.3, which contains a fix for this issue.

Affected Version(s)

MaterialX >= 1.39.2, < 1.39.3

References

https://github.com/AcademySoftwareFoundation/MaterialX/se...
x_refsource_CONFIRM
https://github.com/AcademySoftwareFoundation/MaterialX/co...
x_refsource_MISC
https://github.com/AcademySoftwareFoundation/MaterialX/re...
x_refsource_MISC

CVSS V4

Score:
2
Severity:
LOW
Confidentiality:
None
Integrity:
None
Availability:
Low
Attack Vector:
Local
Attack Complexity:
Low
Attack Required:
None
Privileges Required:
Undefined
User Interaction:
None

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.