CVE-2025-53010: MaterialX Null Pointer Dereference in getShaderNodes due to Unchecked nodeGraph->getOutput return
When parsing shader nodes in an MTLX file, the MaterialXCore code accesses a potentially null pointer, which can lead to crashes with maliciously crafted files.
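The bug class named in the title, as an added example that is not MaterialX's own code: a lookup by name returns null when a file references an output that does not exist, and the caller must check it before use. All types and function names here (`NodeGraph`, `GraphRef`, `collectShaderNodes`) are a simplified, hypothetical model, and it is an assumption that the output name is taken directly from the file.

```cpp
// Simplified model with hypothetical types; not MaterialX's real classes.
#include <map>
#include <memory>
#include <string>
#include <vector>

struct Output { std::string connectedNode; };   // output port -> upstream node name
using OutputPtr = std::shared_ptr<Output>;

struct NodeGraph {
    std::map<std::string, OutputPtr> outputs;
    // Lookup by name: returns nullptr when the name is absent.
    OutputPtr getOutput(const std::string& name) const {
        auto it = outputs.find(name);
        return it == outputs.end() ? nullptr : it->second;
    }
};

// Reference to a named output of a node graph; both fields are assumed
// to come straight from the untrusted file.
struct GraphRef { std::shared_ptr<NodeGraph> graph; std::string outputName; };

// Unchecked pattern (shown for contrast only, never executed here):
//   names.push_back(ref.graph->getOutput(ref.outputName)->connectedNode);
// A reference to a nonexistent output makes getOutput return nullptr and
// the dereference crashes the process.

// Hardened pattern: validate every lookup result before dereferencing.
std::vector<std::string> collectShaderNodes(const std::vector<GraphRef>& refs) {
    std::vector<std::string> names;
    for (const GraphRef& ref : refs) {
        if (!ref.graph) continue;                 // dangling graph reference
        OutputPtr out = ref.graph->getOutput(ref.outputName);
        if (!out) continue;                       // dangling output reference
        names.push_back(out->connectedNode);
    }
    return names;
}

// Constructed sample: one valid reference and two dangling ones.
std::vector<std::string> demo() {
    auto g = std::make_shared<NodeGraph>();
    g->outputs["out"] = std::make_shared<Output>(Output{"surface_shader"});
    return collectShaderNodes({ {g, "out"}, {g, "missing"}, {nullptr, "out"} });
}

int main() { return demo().size() == 1 ? 0 : 1; }
```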
References
- github.com/AcademySoftwareFoundation/MaterialX
- github.com/AcademySoftwareFoundation/MaterialX/commit/e13344ba13326869d7820b444705f24d56fab73d
- github.com/AcademySoftwareFoundation/MaterialX/security/advisories/GHSA-3jhf-gxhr-q4cx
- github.com/ShielderSec/poc/tree/main/CVE-2025-53010
- github.com/advisories/GHSA-3jhf-gxhr-q4cx
- nvd.nist.gov/vuln/detail/CVE-2025-53010
Detect and mitigate CVE-2025-53010 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.