CVE-2025-53010 LOW

CVE-2025-53010: MaterialX's unchecked nodeGraph->getOutput return is vulnerable to NULL Pointer Dereference

Vendor Academysoftwarefoundation
Product MaterialX
Weakness CWE-476
Published August 1, 2025
Last update August 1, 2025

CVSS base score

2.0/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

MaterialX is an open standard for the exchange of rich material and look-development content across applications and renderers. In version 1.39.2, when parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files. An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file. This is fixed in version 1.39.3.

Key dates

02Disclosure timeline

August 1, 2025 CVE published
August 1, 2025 Record updated