CVE-2025-53009
Severity: HIGH
Linuxfoundation Materialx < 1.39.3 - Stack Buffer Overflow
Title source: ruleDescription
MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can crash through stack exhaustion: nesting depth is attacker-controlled and unbounded, so a sufficiently deep document overruns the call stack. An attacker could crash a target program that uses MaterialX by supplying a malicious MTLX file. The impact is denial of service only (CVSS C:N/I:N/A:H). This is fixed in version 1.39.3.
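The pattern behind this class of bug, as an added example that is not MaterialX's code, not the referenced PoC, and not the upstream fix: a constructed MTLX document with deeply nested <nodegraph> elements drives a naive recursive walker into stack exhaustion, while a depth-bounded iterative walker rejects the same input. Python is used because MaterialX ships Python bindings (the pypi/MaterialX product above); the walker functions, the parse_outcome classifier and the MAX_NODEGRAPH_DEPTH cap are assumptions for illustration. Python turns the exhausted stack into a catchable RecursionError where a C++ parser like MaterialX's would abort outright.

```python
"""
Added example (not MaterialX project code): nested MTLX nodegraphs vs. a
recursive walker (stack exhaustion) and a depth-bounded walker (clean reject).
The <materialx>/<nodegraph> element names follow the MTLX format; everything
else here is an illustrative assumption.
"""
import xml.etree.ElementTree as ET

# Hypothetical nesting cap; MaterialX's own fix may use a different bound.
MAX_NODEGRAPH_DEPTH = 64


def build_nested_mtlx(depth: int) -> str:
    """Constructed test input: <nodegraph> elements nested `depth` levels deep."""
    opens = "".join(f'<nodegraph name="ng{i}">' for i in range(depth))
    closes = "</nodegraph>" * depth
    return f'<?xml version="1.0"?><materialx version="1.39">{opens}{closes}</materialx>'


def count_nodegraphs_recursive(elem: ET.Element) -> int:
    """Vulnerable pattern: one stack frame per nesting level, no depth bound.
    Python raises RecursionError here; the same shape in C++ crashes the process."""
    n = 1 if elem.tag == "nodegraph" else 0
    for child in elem:
        n += count_nodegraphs_recursive(child)
    return n


def count_nodegraphs_bounded(root: ET.Element, max_depth: int = MAX_NODEGRAPH_DEPTH) -> int:
    """Hardened pattern: explicit heap-allocated work stack plus an enforced depth
    limit, so attacker-controlled nesting neither grows the call stack nor goes
    unchecked."""
    n = 0
    work = [(root, 0)]
    while work:
        elem, depth = work.pop()
        if depth > max_depth:
            raise ValueError(f"nodegraph nesting deeper than {max_depth} levels")
        if elem.tag == "nodegraph":
            n += 1
        work.extend((child, depth + 1) for child in elem)
    return n


def parse_outcome(mtlx: str, walker) -> str:
    """Parse the document and classify what the given walker does with it."""
    root = ET.fromstring(mtlx)
    try:
        return f"ok:{walker(root)}"
    except RecursionError:
        return "crash"      # stack exhausted: the failure mode the CVE describes
    except ValueError:
        return "rejected"   # bounded walker refused the over-deep input


if __name__ == "__main__":
    benign = build_nested_mtlx(8)
    hostile = build_nested_mtlx(5000)
    for name, walker in (("recursive", count_nodegraphs_recursive),
                         ("bounded", count_nodegraphs_bounded)):
        print(f"{name:9s} benign={parse_outcome(benign, walker)} "
              f"hostile={parse_outcome(hostile, walker)}")
```

The same generated document, written to a .mtlx file, can be loaded into an isolated MaterialX 1.39.2 build to confirm whether an installed copy is affected; do that in a sandbox, since the expected result on a vulnerable build is a process crash.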
References (5)
Exploit, Vendor Advisory (x_refsource_confirm): https://github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-wx6g-fm6f-w822
Issue Tracking (x_refsource_misc): https://github.com/AcademySoftwareFoundation/MaterialX/issues/2504
Issue Tracking, Patch (x_refsource_misc): https://github.com/AcademySoftwareFoundation/MaterialX/pull/2505
Release Notes (x_refsource_misc): https://github.com/AcademySoftwareFoundation/MaterialX/releases/tag/v1.39.3
Exploit (x_refsource_misc): https://github.com/ShielderSec/poc/tree/main/CVE-2025-53009
Scores
CVSS v3: 7.5
CVSS v3 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector: NETWORK
EPSS: 0.0059
EPSS Percentile: 69.2%
CISA SSVC (Vulnrichment)
Exploitation: poc
Automatable: yes
Technical Impact: partial
Details
CWE: CWE-121 (Stack-based Buffer Overflow)
Status: published
Products (2)
linuxfoundation/materialx: 1.39.2
pypi/MaterialX: 1.39.2 - 1.39.3 (PyPI)
Published: Aug 01, 2025
Tracked Since: Feb 18, 2026