Certain Autodesk products use a shared component that is affected by multiple vulnerabilities listed below. Exploitation of these vulnerabilities can lead to code execution. Exploitation of these vulnerabilities requires user interaction. Description

The details of the vulnerabilities are as follows:

CVE-2025-5038: A maliciously crafted X_T file, when parsed through certain Autodesk products, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVE-2025-5043: A maliciously crafted 3DM file, when linked or imported into certain Autodesk products, can force a Heap-Based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-6631: A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2025-6635: A maliciously crafted PRT file, when linked or imported into certain Autodesk products, can force an Out-of-Bounds Read vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-6636: A maliciously crafted PRT file, when parsed through certain Autodesk products, can force a Use-After-Free vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.

CVE-2025-6637: A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2025-7497: A maliciously crafted PRT file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVE-2025-7675: A maliciously crafted 3DM file, when parsed through certain Autodesk products, can force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

Affected Products

Item: Autodesk AutoCAD 2026 and the following specialized toolsets: Autodesk AutoCAD Architecture 2026, Autodesk AutoCAD Electrical 2026, Autodesk AutoCAD Mechanical 2026, Autodesk AutoCAD MEP 2026, Autodesk AutoCAD Plant 3D 2026, Autodesk AutoCAD Map 3D 2026

Autodesk Advance Steel 2026, Autodesk 3ds Max 2026, Autodesk Civil 3D 2026, Autodesk InfraWorks 2026, Autodesk Inventor 2026, Autodesk Revit 2026, Autodesk Revit LT 2026, Autodesk Vault 2026

Impacted Versions: Autodesk Shared Components 2026.2

Mitigated Versions: Autodesk Shared Components 2026.3

Update Source: Autodesk Access or Accounts Portal