Vulnerabilites related to Autodesk - Navisworks Simulate
CVE-2024-12192 (GCVE-0-2024-12192)
Vulnerability from cvelistv5
Published
2024-12-17 15:17
Modified
2025-02-10 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.4 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:33:49.813338Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:34:02.527Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWF file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:35:25.685Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-12192",
"datePublished": "2024-12-17T15:17:56.627Z",
"dateReserved": "2024-12-04T17:01:22.228Z",
"dateUpdated": "2025-02-10T20:35:25.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7675 (GCVE-0-2024-7675)
Vulnerability from cvelistv5
Published
2024-09-30 20:30
Modified
2025-01-29 16:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 Version: 2024 Version: 2023 Version: 2022 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_freedom:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_freedom",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_simulate:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_simulate",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_manage:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_manage",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T21:01:10.970180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T16:40:59.006Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWF file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Use-After-Free. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:39:03.964Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-7675",
"datePublished": "2024-09-30T20:30:31.826Z",
"dateReserved": "2024-08-10T16:13:31.696Z",
"dateUpdated": "2025-01-29T16:39:03.964Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12191 (GCVE-0-2024-12191)
Vulnerability from cvelistv5
Published
2024-12-17 15:17
Modified
2025-02-10 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.4 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:34:49.276077Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:34:57.310Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:35:49.492Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-12191",
"datePublished": "2024-12-17T15:17:15.621Z",
"dateReserved": "2024-12-04T17:00:16.111Z",
"dateUpdated": "2025-02-10T20:35:49.492Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12197 (GCVE-0-2024-12197)
Vulnerability from cvelistv5
Published
2024-12-17 15:21
Modified
2025-02-10 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.4 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12197",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T16:00:18.108656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T16:00:26.418Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:34:33.661Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-12197",
"datePublished": "2024-12-17T15:21:43.044Z",
"dateReserved": "2024-12-04T17:05:00.492Z",
"dateUpdated": "2025-02-10T20:34:33.661Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12200 (GCVE-0-2024-12200)
Vulnerability from cvelistv5
Published
2024-12-17 15:26
Modified
2025-02-10 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.4 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12200",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:55:56.194600Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:56:09.767Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:33:01.822Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-12200",
"datePublished": "2024-12-17T15:26:28.404Z",
"dateReserved": "2024-12-04T17:09:35.223Z",
"dateUpdated": "2025-02-10T20:33:01.822Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12199 (GCVE-0-2024-12199)
Vulnerability from cvelistv5
Published
2024-12-17 15:24
Modified
2025-02-10 20:33
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.4 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12199",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:56:24.600977Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:59:42.505Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:33:29.734Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-12199",
"datePublished": "2024-12-17T15:24:15.296Z",
"dateReserved": "2024-12-04T17:08:43.647Z",
"dateUpdated": "2025-02-10T20:33:29.734Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7672 (GCVE-0-2024-7672)
Vulnerability from cvelistv5
Published
2024-09-30 20:29
Modified
2025-02-10 20:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.3 Version: 2024 < 2024.3 Version: 2023 < 2023.5 Version: 2022 < 2022.6 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_freedom:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_freedom",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_simulate:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_simulate",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_manage:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_manage",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7672",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T21:01:15.457943Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T16:44:04.177Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:32:00.195Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-7672",
"datePublished": "2024-09-30T20:29:03.464Z",
"dateReserved": "2024-08-10T16:13:28.211Z",
"dateUpdated": "2025-02-10T20:32:00.195Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12198 (GCVE-0-2024-12198)
Vulnerability from cvelistv5
Published
2024-12-17 15:22
Modified
2025-02-10 20:34
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.4 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12198",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:59:53.039934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T16:00:06.771Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:34:08.043Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-12198",
"datePublished": "2024-12-17T15:22:49.565Z",
"dateReserved": "2024-12-04T17:07:49.179Z",
"dateUpdated": "2025-02-10T20:34:08.043Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7674 (GCVE-0-2024-7674)
Vulnerability from cvelistv5
Published
2024-09-30 20:30
Modified
2025-01-29 16:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.3 Version: 2024 < 2024.3 Version: 2023 < 2023.5 Version: 2022 < 2022.6 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_freedom:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_freedom",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_simulate:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_simulate",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_manage:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_manage",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7674",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T21:01:12.546535Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T16:43:00.820Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWF file, when parsed in dwfcore.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:35:07.948Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-7674",
"datePublished": "2024-09-30T20:30:07.187Z",
"dateReserved": "2024-08-10T16:13:30.551Z",
"dateUpdated": "2025-01-29T16:35:07.948Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1658 (GCVE-0-2025-1658)
Vulnerability from cvelistv5
Published
2025-04-01 12:27
Modified
2025-08-19 13:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-Bounds Read
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.5 cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:* |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1658",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T03:55:27.357Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.5",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.5",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.5",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:13:21.792Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Out-of-Bounds Read Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-1658",
"datePublished": "2025-04-01T12:27:24.602Z",
"dateReserved": "2025-02-24T20:15:53.141Z",
"dateUpdated": "2025-08-19T13:13:21.792Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12671 (GCVE-0-2024-12671)
Vulnerability from cvelistv5
Published
2024-12-17 15:28
Modified
2025-02-10 20:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.4 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12671",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:45:56.846039Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:46:05.397Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:37:01.034Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-12671",
"datePublished": "2024-12-17T15:28:48.438Z",
"dateReserved": "2024-12-16T14:52:33.930Z",
"dateUpdated": "2025-02-10T20:37:01.034Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7670 (GCVE-0-2024-7670)
Vulnerability from cvelistv5
Published
2024-09-30 20:25
Modified
2025-01-29 16:38
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-bounds Read
Summary
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.3 Version: 2024 < 2024.3 Version: 2023 < 2023.5 Version: 2022 < 2022.6 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_freedom:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_freedom",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_simulate:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_simulate",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_manage:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_manage",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7670",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T21:01:17.882957Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T16:45:29.229Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:38:14.833Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-7670",
"datePublished": "2024-09-30T20:25:32.777Z",
"dateReserved": "2024-08-10T16:13:22.403Z",
"dateUpdated": "2025-01-29T16:38:14.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12178 (GCVE-0-2024-12178)
Vulnerability from cvelistv5
Published
2024-12-17 15:16
Modified
2025-01-29 16:39
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.4 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:36:10.207026Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:36:28.205Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:39:56.684Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-12178",
"datePublished": "2024-12-17T15:16:31.988Z",
"dateReserved": "2024-12-04T16:29:28.425Z",
"dateUpdated": "2025-01-29T16:39:56.684Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12670 (GCVE-0-2024-12670)
Vulnerability from cvelistv5
Published
2024-12-17 15:28
Modified
2025-01-29 16:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.4 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12670",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:46:17.014347Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:46:52.263Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWF file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:48:04.938Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-12670",
"datePublished": "2024-12-17T15:28:05.933Z",
"dateReserved": "2024-12-16T14:41:31.535Z",
"dateUpdated": "2025-01-29T16:48:04.938Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1660 (GCVE-0-2025-1660)
Vulnerability from cvelistv5
Published
2025-04-01 12:29
Modified
2025-08-19 13:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.5 cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:* |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1660",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T03:55:20.328Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.5",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.5",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.5",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:14:04.769Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Memory Corruption Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-1660",
"datePublished": "2025-04-01T12:29:20.944Z",
"dateReserved": "2025-02-24T20:15:55.160Z",
"dateUpdated": "2025-08-19T13:14:04.769Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12669 (GCVE-0-2024-12669)
Vulnerability from cvelistv5
Published
2024-12-17 15:27
Modified
2025-01-29 16:47
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.4 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12669",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:55:15.741934Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:55:46.891Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:47:16.475Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-12669",
"datePublished": "2024-12-17T15:27:17.052Z",
"dateReserved": "2024-12-16T14:24:34.883Z",
"dateUpdated": "2025-01-29T16:47:16.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12193 (GCVE-0-2024-12193)
Vulnerability from cvelistv5
Published
2024-12-17 15:18
Modified
2025-02-10 20:35
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.4 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12193",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:35:43.313638Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:37:12.286Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:35:01.119Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-12193",
"datePublished": "2024-12-17T15:18:38.961Z",
"dateReserved": "2024-12-04T17:02:44.990Z",
"dateUpdated": "2025-02-10T20:35:01.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7671 (GCVE-0-2024-7671)
Vulnerability from cvelistv5
Published
2024-09-30 20:28
Modified
2025-02-10 20:32
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.3 Version: 2024 < 2024.3 Version: 2023 < 2023.5 Version: 2022 < 2022.6 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_freedom:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_freedom",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_simulate:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_simulate",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_manage:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_manage",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7671",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T21:01:16.740777Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T16:45:16.773Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed in dwfcore.dll through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:32:31.701Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-7671",
"datePublished": "2024-09-30T20:28:34.579Z",
"dateReserved": "2024-08-10T16:13:26.356Z",
"dateUpdated": "2025-02-10T20:32:31.701Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1659 (GCVE-0-2025-1659)
Vulnerability from cvelistv5
Published
2025-04-01 12:28
Modified
2025-08-19 13:13
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-Bounds Read
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.5 cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:* |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1659",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T03:55:25.929Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.5",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.5",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.5",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:13:38.044Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0002"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Out-of-Bounds Read Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-1659",
"datePublished": "2025-04-01T12:28:06.627Z",
"dateReserved": "2025-02-24T20:15:54.081Z",
"dateUpdated": "2025-08-19T13:13:38.044Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-7673 (GCVE-0-2024-7673)
Vulnerability from cvelistv5
Published
2024-09-30 20:29
Modified
2025-01-29 16:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.3 Version: 2024 < 2024.3 Version: 2023 < 2023.5 Version: 2022 < 2022.6 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_freedom:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_freedom",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_simulate:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_simulate",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:navisworks_manage:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "navisworks_manage",
"vendor": "autodesk",
"versions": [
{
"status": "affected",
"version": "2025"
},
{
"status": "affected",
"version": "2024"
},
{
"status": "affected",
"version": "2023"
},
{
"status": "affected",
"version": "2022"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-7673",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-30T21:01:14.079173Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-03T16:43:53.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_freedom:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_simulate:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2023:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:navisworks_manage:2022:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.3",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.3",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.5",
"status": "affected",
"version": "2023",
"versionType": "custom"
},
{
"lessThan": "2022.6",
"status": "affected",
"version": "2022",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed in w3dtk.dll through Autodesk Navisworks, can force a Heap-based Buffer Overflow. A malicious actor can leverage this vulnerability to cause a crash or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:36:21.747Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-7673",
"datePublished": "2024-09-30T20:29:24.756Z",
"dateReserved": "2024-08-10T16:13:29.464Z",
"dateUpdated": "2025-01-29T16:36:21.747Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11422 (GCVE-0-2024-11422)
Vulnerability from cvelistv5
Published
2024-12-17 15:15
Modified
2025-02-10 20:36
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-bounds Write
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.4 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-11422",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T16:01:00.524165Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T16:03:52.756Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. \u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-10T20:36:32.091Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-11422",
"datePublished": "2024-12-17T15:15:17.614Z",
"dateReserved": "2024-11-19T15:06:04.744Z",
"dateUpdated": "2025-02-10T20:36:32.091Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12194 (GCVE-0-2024-12194)
Vulnerability from cvelistv5
Published
2024-12-17 15:20
Modified
2025-01-29 16:44
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.4 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12194",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T16:00:36.826047Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T16:00:47.336Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:44:33.383Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-12194",
"datePublished": "2024-12-17T15:20:17.674Z",
"dateReserved": "2024-12-04T17:03:52.996Z",
"dateUpdated": "2025-01-29T16:44:33.383Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12179 (GCVE-0-2024-12179)
Vulnerability from cvelistv5
Published
2024-12-17 15:19
Modified
2025-01-29 16:40
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-based Buffer Overflow
Summary
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | Navisworks Freedom |
Version: 2025 < 2025.4 |
|||||||||||
|
||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12179",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-17T15:30:23.695137Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-17T15:31:25.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_freedom:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Freedom",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_simulate:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Simulate",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
},
{
"cpe": [
"cpe:2.3:a:autodesk:navisworks_manage:2025:*:*:*:*:windows:*:*"
],
"defaultStatus": "unaffected",
"product": "Navisworks Manage",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.4",
"status": "affected",
"version": "2025",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eA maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-29T16:40:24.897Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0027"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2024-12179",
"datePublished": "2024-12-17T15:19:29.587Z",
"dateReserved": "2024-12-04T16:30:45.791Z",
"dateUpdated": "2025-01-29T16:40:24.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}