CVE-2025-53009 MEDIUM

CVE-2025-53009: MaterialX Stack Overflow via Lack of MTLX XML Parsing Recursion Limit

Vendor Academysoftwarefoundation
Product MaterialX
Weakness CWE-121
Published August 1, 2025
Last update August 1, 2025

CVSS base score

5.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01 Description

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In versions 1.39.2 and below, when parsing an MTLX file with multiple nested nodegraph implementations, the MaterialX XML parsing logic can potentially crash due to stack exhaustion. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3.
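A pre-parse depth check for untrusted MTLX input, as an added example that is not MaterialX code or part of the original record. It assumes the recursion described above follows XML element nesting; `MAX_DEPTH`, the function names and the sample document are hypothetical.

```python
import xml.parsers.expat

MAX_DEPTH = 64  # assumed policy value; not a constant taken from MaterialX


class DepthExceeded(Exception):
    """Raised when element nesting goes past the configured limit."""


def max_nesting_depth(data: bytes, limit: int = MAX_DEPTH) -> int:
    """Return the deepest element nesting in data, or raise DepthExceeded."""
    depth = deepest = 0

    def start(name, attrs):
        nonlocal depth, deepest
        depth += 1
        deepest = max(deepest, depth)
        if depth > limit:  # stop at once instead of reading the rest
            raise DepthExceeded(f"<{name}> at depth {depth} exceeds {limit}")

    def end(name):
        nonlocal depth
        depth -= 1

    # expat reports elements through callbacks, so this check is iterative
    # and its own stack use does not grow with the input's nesting.
    parser = xml.parsers.expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = end
    parser.Parse(data, True)
    return deepest


def accept_mtlx(data: bytes, limit: int = MAX_DEPTH) -> bool:
    """True only if data is well-formed XML nested no deeper than limit."""
    try:
        max_nesting_depth(data, limit)
    except (DepthExceeded, xml.parsers.expat.ExpatError):
        return False
    return True


def nested_sample(levels: int) -> bytes:
    """Constructed input: a materialx root holding `levels` nested nodegraphs."""
    opens = "".join(f'<nodegraph name="ng{i}">' for i in range(levels))
    return f"<materialx>{opens}{'</nodegraph>' * levels}</materialx>".encode()
```

A check like this only bounds what is handed to builds at 1.39.2 and below; the fix itself is in version 1.39.3.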

Key dates

02 Disclosure timeline

August 1, 2025 CVE published
August 1, 2025 Record updated