Vulnerabilites related to autodesk - vault
CVE-2025-5039 (GCVE-0-2025-5039)
Vulnerability from cvelistv5
Published
2025-07-24 17:11
Modified
2025-08-19 13:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-426 - Untrusted Search Path
Summary
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | AutoCAD |
Version: 2026 < 2026.1 cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:* |
|||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5039",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-24T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-25T03:55:30.703Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_lt:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MAP 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.1",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:realdwg:2026:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "RealDWG",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.0.2",
"status": "affected",
"version": "2026",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.\u003cbr\u003e"
}
],
"value": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized."
}
],
"impacts": [
{
"capecId": "CAPEC-38",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-38 Leveraging/Manipulating Configuration File Search Paths"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-426",
"description": "CWE-426 Untrusted Search Path",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:17:42.116Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Privilege Ecalation due to Untrusted Search Path Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-5039",
"datePublished": "2025-07-24T17:11:14.714Z",
"dateReserved": "2025-05-21T13:00:59.147Z",
"dateUpdated": "2025-08-19T13:17:42.116Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6635 (GCVE-0-2025-6635)
Vulnerability from cvelistv5
Published
2025-07-29 17:53
Modified
2025-08-19 13:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-125 - Out-of-Bounds Read
Summary
A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Version: 2026.2 < 2026.3 cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:52.940Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-Bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:21:59.522Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Out-of-Bounds Read Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-6635",
"datePublished": "2025-07-29T17:53:35.895Z",
"dateReserved": "2025-06-25T13:44:26.482Z",
"dateUpdated": "2025-08-19T13:21:59.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5043 (GCVE-0-2025-5043)
Vulnerability from cvelistv5
Published
2025-07-29 17:52
Modified
2025-08-19 13:19
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-122 - Heap-Based Buffer Overflow
Summary
A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Version: 2026.2 < 2026.3 cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5043",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:50.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122 Heap-Based Buffer Overflow",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:19:36.659Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "3DM File Parsing Heap-Based Overflow Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-5043",
"datePublished": "2025-07-29T17:52:37.857Z",
"dateReserved": "2025-05-21T13:01:02.814Z",
"dateUpdated": "2025-08-19T13:19:36.659Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6637 (GCVE-0-2025-6637)
Vulnerability from cvelistv5
Published
2025-07-29 17:56
Modified
2025-08-19 13:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-Bounds Write
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Version: 2026.2 < 2026.3 cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6637",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:55.467Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:22:28.965Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-6637",
"datePublished": "2025-07-29T17:56:50.031Z",
"dateReserved": "2025-06-25T13:44:28.817Z",
"dateUpdated": "2025-08-19T13:22:28.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6636 (GCVE-0-2025-6636)
Vulnerability from cvelistv5
Published
2025-07-29 17:54
Modified
2025-08-19 13:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-416 - Use After Free
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Version: 2026.2 < 2026.3 cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6636",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:54.668Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:22:14.824Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Use-After-Free Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-6636",
"datePublished": "2025-07-29T17:54:02.053Z",
"dateReserved": "2025-06-25T13:44:27.794Z",
"dateUpdated": "2025-08-19T13:22:14.824Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-1276 (GCVE-0-2025-1276)
Vulnerability from cvelistv5
Published
2025-04-15 20:55
Modified
2025-08-19 12:48
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-Bounds Write
Summary
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ► | Autodesk | AutoCAD |
Version: 2025 < 2025.1.2 Version: 2024 < 2024.1.7 Version: 2023 < 2023.1.7 cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:* cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:* |
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-1276",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-18T03:55:45.569Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:autocad:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_architecture:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_architecture:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Architecture",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_electrical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_electrical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Electrical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_map_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_map_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MAP 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mechanical:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mechanical:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Mechanical",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_mep:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_mep:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD MEP",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_plant_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_plant_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD Plant 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:advance_steel:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:advance_steel:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Advance Steel",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:civil_3d:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:civil_3d:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Civil 3D",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:autocad_lt:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_lt:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:autocad_lt:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "AutoCAD LT",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:realdwg:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:realdwg:2024:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "RealDWG",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:autodesk:dwg_trueview:2025:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:dwg_trueview:2024:*:*:*:*:*:*:*",
"cpe:2.3:a:autodesk:dwg_trueview:2023:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "DWG TrueView",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2025.1.2",
"status": "affected",
"version": "2025",
"versionType": "custom"
},
{
"lessThan": "2024.1.7",
"status": "affected",
"version": "2024",
"versionType": "custom"
},
{
"lessThan": "2023.1.7",
"status": "affected",
"version": "2023",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T12:48:17.475Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/dwg-trueview/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0004"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "DWG File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-1276",
"datePublished": "2025-04-15T20:55:04.255Z",
"dateReserved": "2025-02-13T15:16:31.469Z",
"dateUpdated": "2025-08-19T12:48:17.475Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-6631 (GCVE-0-2025-6631)
Vulnerability from cvelistv5
Published
2025-07-29 17:53
Modified
2025-08-19 13:21
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-Bounds Write
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Version: 2026.2 < 2026.3 cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-6631",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:52.059Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:21:00.832Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-6631",
"datePublished": "2025-07-29T17:53:04.135Z",
"dateReserved": "2025-06-25T13:43:01.062Z",
"dateUpdated": "2025-08-19T13:21:00.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7675 (GCVE-0-2025-7675)
Vulnerability from cvelistv5
Published
2025-07-29 17:57
Modified
2025-08-19 13:23
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-Bounds Write
Summary
A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Version: 2026.2 < 2026.3 cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7675",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:57.025Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:23:05.667Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "3DM File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-7675",
"datePublished": "2025-07-29T17:57:36.134Z",
"dateReserved": "2025-07-15T12:31:56.589Z",
"dateUpdated": "2025-08-19T13:23:05.667Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-5038 (GCVE-0-2025-5038)
Vulnerability from cvelistv5
Published
2025-07-29 17:51
Modified
2025-08-19 13:17
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-120 - Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
Summary
A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Version: 2026.2 < 2026.3 cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-5038",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:49.666Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-120",
"description": "CWE-120 Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:17:02.999Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "X_T File Parsing Memory Corruption Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-5038",
"datePublished": "2025-07-29T17:51:59.877Z",
"dateReserved": "2025-05-21T13:00:58.307Z",
"dateUpdated": "2025-08-19T13:17:02.999Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-7497 (GCVE-0-2025-7497)
Vulnerability from cvelistv5
Published
2025-07-29 17:57
Modified
2025-08-19 13:22
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-787 - Out-of-Bounds Write
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
| ► | URL | Tags |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Autodesk | Shared Components |
Version: 2026.2 < 2026.3 cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7497",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-07-29T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-07-30T03:55:56.262Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:autodesk:shared_components:2026.3:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "Shared Components",
"vendor": "Autodesk",
"versions": [
{
"lessThan": "2026.3",
"status": "affected",
"version": "2026.2",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.\u003cbr\u003e"
}
],
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-Bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-08-19T13:22:46.904Z",
"orgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"shortName": "autodesk"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"tags": [
"vendor-advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "PRT File Parsing Out-of-Bounds Write Vulnerability",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "7e40ea87-bc65-4944-9723-dd79dd760601",
"assignerShortName": "autodesk",
"cveId": "CVE-2025-7497",
"datePublished": "2025-07-29T17:57:13.572Z",
"dateReserved": "2025-07-11T15:02:31.021Z",
"dateUpdated": "2025-08-19T13:22:46.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo PRT manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los l\u00edmites. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar un bloqueo, da\u00f1ar datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-7497",
"lastModified": "2025-08-19T14:15:42.883",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:32.733",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo PRT manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede generar una vulnerabilidad de uso despu\u00e9s de la liberaci\u00f3n. Un agente malicioso puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-6636",
"lastModified": "2025-08-19T14:15:42.533",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:32.350",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo PRT manipulado con fines maliciosos, al vincularse o importarse a ciertos productos de Autodesk, puede generar una vulnerabilidad de lectura fuera de los l\u00edmites. Un agente malintencionado puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-6635",
"lastModified": "2025-08-19T14:15:42.380",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:32.170",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo 3DM manipulado con fines maliciosos, al vincularse o importarse a ciertos productos de Autodesk, puede generar una vulnerabilidad de desbordamiento basado en mont\u00f3n. Un agente malicioso puede aprovechar esta vulnerabilidad para provocar un bloqueo, leer datos confidenciales o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-5043",
"lastModified": "2025-08-19T14:15:41.273",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:31.783",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-04-15 21:15
Modified
2025-08-19 13:15
Severity ?
Summary
A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6635B2E-79F9-4E17-91DE-3147AEAAECD3",
"versionEndExcluding": "2023.1.7",
"versionStartIncluding": "2023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CF0503B6-5889-44EA-82BD-8975C69DC4EF",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:*:*:*:*:*:*:*:*",
"matchCriteriaId": "36B8EE53-5CD1-4CC9-9829-ED06BEB742C8",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*",
"matchCriteriaId": "BAA7DE4E-9D9D-4A3C-9813-1ECA420CA55D",
"versionEndExcluding": "2023.1.7",
"versionStartIncluding": "2023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*",
"matchCriteriaId": "973B1CE6-8763-42F4-9E43-46CA1C0398FE",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:*:*:*:*:*:-:*:*",
"matchCriteriaId": "6DF31D4A-4E66-4425-98C3-3A4172F27634",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2C5628D4-B66A-4D97-A079-0288AB4A78D1",
"versionEndExcluding": "2023.1.7",
"versionStartIncluding": "2023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7063D783-E671-421A-99D2-AC6DFAAA298C",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDEB087-1A78-402D-A50F-64A172B941D3",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3D6F5A94-EE54-43B3-955F-7C3615D6E0E0",
"versionEndExcluding": "2023.1.7",
"versionStartIncluding": "2023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3FC07F09-9A3B-4E9B-9A06-D9AC6DD82535",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F923BEB3-D0A6-4FB8-95CA-4AF1369FAB08",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*",
"matchCriteriaId": "3B8C034F-57BD-4F6D-B6F0-904FC1212CBB",
"versionEndExcluding": "2023.1.7",
"versionStartIncluding": "2023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*",
"matchCriteriaId": "5A34FC4A-17E3-4F32-AF55-146A3E0A8D73",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_lt:*:*:*:*:*:-:*:*",
"matchCriteriaId": "DACE53EA-C06D-4BAD-A47C-2AD7D9BA3FC7",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E920B994-CFAF-4585-BBFB-5BB453BB091A",
"versionEndExcluding": "2023.1.7",
"versionStartIncluding": "2023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88A19D6B-8863-4A0C-9422-53EF25653A22",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E858EBC9-08A6-480C-A896-C15A1D89FAF7",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD9F716E-DA62-473B-8057-D5C1ED9A6068",
"versionEndExcluding": "2023.1.7",
"versionStartIncluding": "2023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F24D151E-23F1-4EBF-8949-088F6A95C2F0",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6BBD42-FFD8-474D-8ABA-A614B5F74508",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "78DB2C5D-9640-45E1-9D5C-12514E9C6C1B",
"versionEndExcluding": "2023.1.7",
"versionStartIncluding": "2023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "00A20CE8-64D8-4F4B-9BF8-84A5D691051E",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:*:*:*:*:*:*:*:*",
"matchCriteriaId": "939BC44C-8CF2-4BA7-AC06-71B679BDF69A",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "54718FCB-A8EE-4852-B406-0D3A41633A4F",
"versionEndExcluding": "2023.1.7",
"versionStartIncluding": "2023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC171BB-5A63-4D93-BAB4-E4C0743686C9",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5AD85595-32CE-4517-A17F-E3E48114EE6B",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9FC6A58E-5F08-4D92-8640-D21C24A34B85",
"versionEndExcluding": "2023.1.7",
"versionStartIncluding": "2023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "84402AA2-842C-4F45-BEEE-01B4399F8A2D",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E2E4D88D-B3B5-42A9-B3B6-E95BDCC1E805",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CB3814C7-89F1-4769-A667-8A941FECFECA",
"versionEndExcluding": "2023.1.7",
"versionStartIncluding": "2023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5615AA3-02AB-41E6-B207-C8E2BF14381B",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:dwg_trueview:*:*:*:*:*:*:*:*",
"matchCriteriaId": "68D32CA8-DAE5-454E-9611-6DC7D39936B6",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9ACA58FE-046E-47D0-B091-58725ABC1D5E",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06EEA81D-D2D2-4553-8B50-7CF851D2F451",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AA2D3721-3DFB-4BF2-AB50-F7FB5D582DFB",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "33271DFE-EA9E-470B-889C-920D7CC014D9",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:navisworks_manage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C24857A-342D-4B37-89D7-BAD0C71D58F1",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:navisworks_manage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E3B7FDC4-BEC1-4F90-A112-6960176F6748",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:navisworks_simulate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "28734A5D-CAEB-4F94-9892-DA3F45E3DA41",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:navisworks_simulate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1B72D634-D894-406F-81F0-2421BA22FFAD",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "328F43A7-346C-4C9D-8153-74497327D053",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C38D944-8471-47A0-AFAC-ECA76CB58E57",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:vault:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5C6486EE-BCC7-469A-B5B7-B9950B1DEF67",
"versionEndExcluding": "2024.1.7",
"versionStartIncluding": "2024",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:vault:*:*:*:*:*:*:*:*",
"matchCriteriaId": "611BC4BF-41BF-46D9-ADB2-92B6CBAB9FBE",
"versionEndExcluding": "2025.1.2",
"versionStartIncluding": "2025",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted DWG file, when parsed through certain Autodesk applications, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo DWG manipulado con fines maliciosos, al analizarse mediante ciertas aplicaciones de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los l\u00edmites. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar un bloqueo, da\u00f1ar datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-1276",
"lastModified": "2025-08-19T13:15:39.800",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-04-15T21:15:47.320",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/dwg-trueview/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0004"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-24 17:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | infrastructure_parts_editor | * | |
| autodesk | inventor | * | |
| autodesk | navisworks_manage | * | |
| autodesk | navisworks_simulate | * | |
| autodesk | revit | * | |
| autodesk | vault | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:infrastructure_parts_editor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "03EE8BC1-4EC3-49E3-9C1C-CFBD8C531ECD",
"versionEndExcluding": "2026.0.2",
"versionStartIncluding": "2026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EF7D5DEC-D172-49F2-89AE-9BFC5DFE98A6",
"versionEndExcluding": "2026.0.2",
"versionStartIncluding": "2026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:navisworks_manage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E916918-4CF5-4628-BD1B-C6FA94CBB353",
"versionEndExcluding": "2026.0.2",
"versionStartIncluding": "2026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:navisworks_simulate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5AB26D6-C349-48FB-9A09-C32C987904A8",
"versionEndExcluding": "2026.0.2",
"versionStartIncluding": "2026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:revit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0B92B643-9C29-4604-8967-EB7A238120AB",
"versionEndExcluding": "2026.0.2",
"versionStartIncluding": "2026",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:autodesk:vault:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AAA7B4A5-345D-47E2-B295-0AF2BE88C19E",
"versionEndExcluding": "2026.0.2",
"versionStartIncluding": "2026",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted binary file, when present while loading files in certain Autodesk applications, could lead to execution of arbitrary code in the context of the current process due to an untrusted search path being utilized."
},
{
"lang": "es",
"value": "Un archivo binario manipulado con fines malintencionados, cuando est\u00e1 presente durante la carga de archivos en ciertas aplicaciones de Autodesk, podr\u00eda provocar la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del proceso actual debido al uso de una ruta de b\u00fasqueda no confiable."
}
],
"id": "CVE-2025-5039",
"lastModified": "2025-08-19T14:15:40.773",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-24T17:15:32.817",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0014"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-426"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo X_T manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede generar una vulnerabilidad de corrupci\u00f3n de memoria. Un agente malicioso puede aprovechar esta vulnerabilidad para ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-5038",
"lastModified": "2025-08-19T14:15:40.623",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:31.590",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-120"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo PRT manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los l\u00edmites. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar un bloqueo, da\u00f1ar datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-6637",
"lastModified": "2025-08-19T14:15:42.677",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:32.550",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo PRT manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los l\u00edmites. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar un bloqueo, da\u00f1ar datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-6631",
"lastModified": "2025-08-19T14:15:41.790",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:31.983",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2025-07-29 18:15
Modified
2025-08-19 14:15
Severity ?
Summary
A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| autodesk | shared_components | 2026.2 | |
| autodesk | 3ds_max | 2026 | |
| autodesk | advance_steel | 2026 | |
| autodesk | autocad | 2026 | |
| autodesk | autocad_architecture | 2026 | |
| autodesk | autocad_electrical | 2026 | |
| autodesk | autocad_map_3d | 2026 | |
| autodesk | autocad_mechanical | 2026 | |
| autodesk | autocad_mep | 2026 | |
| autodesk | autocad_plant_3d | 2026 | |
| autodesk | civil_3d | 2026 | |
| autodesk | infraworks | 2026 | |
| autodesk | inventor | 2026 | |
| autodesk | revit | 2026 | |
| autodesk | revit_lt | 2026 | |
| autodesk | vault | 2026 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:shared_components:2026.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F619380D-7F2A-453B-BC9C-EBF82B7628A7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:autodesk:3ds_max:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "B938D507-D95A-4EAD-86AB-9B52A3682414",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:advance_steel:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "68738B5A-B918-4CA3-BD13-4040B3219AFC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "8890EECB-7AB5-41A3-8E77-314183BC3AB3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_architecture:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "CE935915-6926-474F-B5A4-7E77EF7426DD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_electrical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "BEC23105-1362-4BFE-9C93-F0AAA5BAF2B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_map_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB79016-0BB6-4E8A-8AE3-5AB39A252DED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mechanical:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "4A159D88-990D-41D7-B6B0-D97B38241860",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_mep:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "046ADE16-4275-4BEF-9A71-480E709383F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:autocad_plant_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "EEB9FCDC-6717-44EB-AA55-983A771E2460",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:civil_3d:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "3383C40E-DD43-4146-9B58-C44585E40985",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:infraworks:2026:-:*:*:*:*:*:*",
"matchCriteriaId": "1B01CD79-B993-47BB-B775-C10422FB956B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:inventor:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "F7393B89-15A9-4709-9FF3-DA1C88770594",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "58A56B67-B754-4525-995A-F70CAA6B5AAB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:revit_lt:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "DF3C0C68-F0D7-4737-8D37-D99F128DAB47",
"vulnerable": false
},
{
"criteria": "cpe:2.3:a:autodesk:vault:2026:*:*:*:*:*:*:*",
"matchCriteriaId": "08F81FC1-1B7C-40AF-88DB-B62F24CFA21C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process."
},
{
"lang": "es",
"value": "Un archivo 3DM manipulado con fines maliciosos, al analizarse mediante ciertos productos de Autodesk, puede forzar una vulnerabilidad de escritura fuera de los l\u00edmites. Un agente malicioso podr\u00eda aprovechar esta vulnerabilidad para provocar un bloqueo, da\u00f1ar datos o ejecutar c\u00f3digo arbitrario en el contexto del proceso actual."
}
],
"id": "CVE-2025-7675",
"lastModified": "2025-08-19T14:15:43.150",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
},
"published": "2025-07-29T18:15:32.923",
"references": [
{
"source": "psirt@autodesk.com",
"url": "https://www.autodesk.com/products/autodesk-access/overview"
},
{
"source": "psirt@autodesk.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.autodesk.com/trust/security-advisories/adsk-sa-2025-0015"
}
],
"sourceIdentifier": "psirt@autodesk.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "psirt@autodesk.com",
"type": "Secondary"
}
]
}