CVE-2025-53009


MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3.


Published: 2025-08-01T18:15:54.463

Last Modified: 2025-08-20T21:24:28.447

Status: Analyzed

Source: [email protected]

Severity: CVSSv3.1: 7.5 (HIGH)

Weaknesses
  • Type: Secondary
    CWE-121

Affected Vendors & Products
Type | Vendor | Product | Version/Range | Vulnerable?
Application | linuxfoundation | materialx | 1.39.2 | Yes
