Since this is a reserved CVE and no details have been disclosed, https://www.cve.org/CVERecord?id=CVE-2025-14439, it is currently impossible to determine whether this package is affected.

Following the breadcrumb trail to bug 2407262, I found “GHSA-grjp-54v3-c442” in the title, which means this (still-reserved) CVE must correspond to https://github.com/advisories/GHSA-grjp-54v3-c442. According to that disclosure, the fix is in https://github.com/PixarAnimationStudios/OpenUSD/commit/b9530922b6a8ea72cd43661226b693fff8abbe4c, which shipped in USD 25.11, and which upstream does not intend to backport, but which I was able to backport downstream.

Given that it was Red Hat Product Security commenting on the patch and asking for a CVE to be reserved, it’s awfully frustrating that this bug had no useful information and no links to the upstream report and patch.

FEDORA-2025-2e7d5d49f2 (usd-25.02a-5.fc42) has been submitted as an update to Fedora 42.
https://bodhi.fedoraproject.org/updates/FEDORA-2025-2e7d5d49f2

FEDORA-2025-2e7d5d49f2 has been pushed to the Fedora 42 testing repository.
Soon you'll be able to install the update with the following command:
`sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2025-2e7d5d49f2`
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2025-2e7d5d49f2

See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.

FEDORA-2025-2e7d5d49f2 (usd-25.02a-5.fc42) has been pushed to the Fedora 42 stable repository.
If problem still persists, please make note of it in this bug report.