N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2025-53010

GHSA ID

GHSA-3jhf-gxhr-q4cx

EPSS Score

CWE

CWE-476

Published

7/31/2025

Updated

7/31/2025

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2025-53010

CVE-2025-53010: MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return

Summary

When parsing shader nodes in a MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files.

Details

In src/MaterialXCore/Material.cpp, in function getShaderNodes, the following code fetches the output nodes for a given nodegraph input node:

// SNIP...
        else if (input->hasNodeGraphString())
        {
            // Check upstream nodegraph connected to the input.
            // If no explicit output name given then scan all outputs on the nodegraph.
            ElementPtr parent = materialNode->getParent();
            NodeGraphPtr nodeGraph = parent->getChildOfType<NodeGraph>(input->getNodeGraphString());
            if (!nodeGraph)
            {
                continue;
            }
            vector<OutputPtr> outputs;
            if (input->hasOutputString())
            {
                outputs.push_back(nodeGraph->getOutput(input->getOutputString())); // <--- null ptr is returned
            }
            else
            {
                outputs = nodeGraph->getOutputs();
            }
            for (OutputPtr output : outputs)
            {
                NodePtr upstreamNode = output->getConnectedNode(); // <--- CRASHES HERE
                if (upstreamNode && !shaderNodeSet.count(upstreamNode))
                {
                    if (!target.empty() && !upstreamNode->getNodeDef(target))
                    {
                        continue;
                    }
                    shaderNodeVec.push_back(upstreamNode);
                    shaderNodeSet.insert(upstreamNode);
                }
            }
        }
    }
// SNIP...

The issues arise because the nodeGraph->getOutput(input->getOutputString()) call can return a null pointer, therefore when trying to call output->getConnectedNode(), this results in a crash .

PoC

Please download nullptr_getshadernodes.mltx from the following link:

https://github.com/ShielderSec/poc/tree/main/CVE-2025-53010

build/bin/MaterialXView --material nullptr_getshadernodes.mtlx

Impact

An attacker could intentionally crash a target program that uses OpenEXR by sending a malicious MTLX file.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2025-53010

CVE-2025-53010:

N/A

CVSS Score

-

CVSS Score

Basic Information

CVE ID

CVE-2025-53010

GHSA ID

GHSA-3jhf-gxhr-q4cx

EPSS Score

CWE

CWE-476

Published

7/31/2025

Updated

7/31/2025

KEV Status

Technology

Python

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
MaterialX	pip	= 1.39.2	1.39.3

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability is a classic null pointer dereference. The analysis of the provided security advisory and the associated commit e13344ba13326869d7820b444705f24d56fab73d clearly indicates that the getShaderNodes function in source/MaterialXCore/Material.cpp is the culprit. The patch itself demonstrates the vulnerability by adding a null check for the OutputPtr returned by nodeGraph->getOutput(). Before the patch, a specially crafted MaterialX file could cause getOutput() to return a null pointer. This null pointer would then be added to the outputs vector. Later in the function, the code iterates through the outputs vector and calls a method on each element, resulting in a crash when it tries to dereference the null pointer. Therefore, any runtime profile of an exploit triggering this vulnerability would show the getShaderNodes function in the stack trace at the time of the crash.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-53010: MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return

Summary

Details

PoC

Impact

CVE-2025-53010:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Vulnerability Intelligence
Miggo AI

Detect and Respond To Threats Faster.

CVE-2025-53010: MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return

Summary

Details

PoC

Impact

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

N/A

N/A

Basic Information

Basic Information

N/A

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2025-53010: MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return

Summary

Details

PoC

Impact

CVE-2025-53010:

N/A

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Vulnerability IntelligenceMiggo AI

CVE-2025-53010: MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return

Summary

Details

PoC

Impact

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Technical Details

N/A

N/A

Basic Information

Basic Information

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI