Vulnerabilites related to autodesk - revit_lt
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo PRT manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los l\u00edmites. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar un bloqueo, da\u00f1ar datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-6631",
"lastModified": "2025-08-19T14:15:41.790",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:31.983",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo PRT manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los l\u00edmites. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar un bloqueo, da\u00f1ar datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-7497",
"lastModified": "2025-08-19T14:15:42.883",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:32.733",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo X_T manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede generar una vulnerabilidad de corrupci\u00f3n de memoria. Un agente malicioso puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-5038",
"lastModified": "2025-08-19T14:15:40.623",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:31.590",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo PRT manipulado con fines maliciosos, al vincularse o importarse a ciertos productos de Autodesk, puede generar una vulnerabilidad de lectura fuera de los l\u00edmites. Un agente malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-6635",
"lastModified": "2025-08-19T14:15:42.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:32.170",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo PRT manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede generar una vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n. Un agente malicioso puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-6636",
"lastModified": "2025-08-19T14:15:42.533",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:32.350",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo PRT manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los l\u00edmites. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar un bloqueo, da\u00f1ar datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-6637",
"lastModified": "2025-08-19T14:15:42.677",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:32.550",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo 3DM manipulado con fines maliciosos, al vincularse o importarse a ciertos productos de Autodesk, puede generar una vulnerabilidad de desbordamiento basado en mont\u00f3n. Un agente malicioso puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-5043",
"lastModified": "2025-08-19T14:15:41.273",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:31.783",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo 3DM manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los l\u00edmites. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar un bloqueo, da\u00f1ar datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-7675",
"lastModified": "2025-08-19T14:15:43.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:32.923",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
CVE-2025-6637 (GCVE-0-2025-6637)
Vulnerability from cvelistv5
Published
2025-07-29 17:56
Modified
2025-08-19 13:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-Bounds Write
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Version: 2026.2 < 2026.3 cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:55.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:22:28.965Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-6637",
"datePublished": "2025-07-29T17:56:50.031Z",
"dateReserved": "2025-06-25T13:44:28.817Z",
"dateUpdated": "2025-08-19T13:22:28.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7675 (GCVE-0-2025-7675)
Vulnerability from cvelistv5
Published
2025-07-29 17:57
Modified
2025-08-19 13:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-Bounds Write
Summary
A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Version: 2026.2 < 2026.3 cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:57.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:23:05.667Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "3DM File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-7675",
"datePublished": "2025-07-29T17:57:36.134Z",
"dateReserved": "2025-07-15T12:31:56.589Z",
"dateUpdated": "2025-08-19T13:23:05.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6635 (GCVE-0-2025-6635)
Vulnerability from cvelistv5
Published
2025-07-29 17:53
Modified
2025-08-19 13:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-Bounds Read
Summary
A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Version: 2026.2 < 2026.3 cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:52.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:21:59.522Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Out-of-Bounds Read Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-6635",
"datePublished": "2025-07-29T17:53:35.895Z",
"dateReserved": "2025-06-25T13:44:26.482Z",
"dateUpdated": "2025-08-19T13:21:59.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5043 (GCVE-0-2025-5043)
Vulnerability from cvelistv5
Published
2025-07-29 17:52
Modified
2025-08-19 13:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-Based Buffer Overflow
Summary
A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Version: 2026.2 < 2026.3 cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:50.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-Based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:19:36.659Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "3DM File Parsing Heap-Based Overflow Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-5043",
"datePublished": "2025-07-29T17:52:37.857Z",
"dateReserved": "2025-05-21T13:01:02.814Z",
"dateUpdated": "2025-08-19T13:19:36.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5038 (GCVE-0-2025-5038)
Vulnerability from cvelistv5
Published
2025-07-29 17:51
Modified
2025-08-19 13:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Version: 2026.2 < 2026.3 cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:49.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:17:02.999Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "X_T File Parsing Memory Corruption Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-5038",
"datePublished": "2025-07-29T17:51:59.877Z",
"dateReserved": "2025-05-21T13:00:58.307Z",
"dateUpdated": "2025-08-19T13:17:02.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6631 (GCVE-0-2025-6631)
Vulnerability from cvelistv5
Published
2025-07-29 17:53
Modified
2025-08-19 13:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-Bounds Write
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Version: 2026.2 < 2026.3 cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6631",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:52.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:21:00.832Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-6631",
"datePublished": "2025-07-29T17:53:04.135Z",
"dateReserved": "2025-06-25T13:43:01.062Z",
"dateUpdated": "2025-08-19T13:21:00.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7497 (GCVE-0-2025-7497)
Vulnerability from cvelistv5
Published
2025-07-29 17:57
Modified
2025-08-19 13:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-Bounds Write
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Version: 2026.2 < 2026.3 cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:56.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:22:46.904Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-7497",
"datePublished": "2025-07-29T17:57:13.572Z",
"dateReserved": "2025-07-11T15:02:31.021Z",
"dateUpdated": "2025-08-19T13:22:46.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6636 (GCVE-0-2025-6636)
Vulnerability from cvelistv5
Published
2025-07-29 17:54
Modified
2025-08-19 13:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Version: 2026.2 < 2026.3 cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:54.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:22:14.824Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Use-After-Free Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-6636",
"datePublished": "2025-07-29T17:54:02.053Z",
"dateReserved": "2025-06-25T13:44:27.794Z",
"dateUpdated": "2025-08-19T13:22:14.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}